VirtualBox

Ticket #17321: ubuntu1604-devbox-2018-03-16-13-23-47-hardening.log

File ubuntu1604-devbox-2018-03-16-13-23-47-hardening.log, 499.9 KB (added by BigSisl, 7 years ago)

VBOXHardening-log ubuntu1604-devbox-2018-03-16-13-23-46

Line 
11b10.758: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
21b10.758: \SystemRoot\System32\ntdll.dll:
31b10.758: CreationTime: 2018-02-28T09:22:08.990045400Z
41b10.758: LastWriteTime: 2018-01-12T16:33:04.553127000Z
51b10.758: ChangeTime: 2018-02-28T13:40:36.034694500Z
61b10.758: FileAttributes: 0x20
71b10.758: Size: 0x196968
81b10.758: NT Headers: 0xe0
91b10.758: Timestamp: 0x5a58e571
101b10.758: Machine: 0x8664 - amd64
111b10.758: Timestamp: 0x5a58e571
121b10.758: Image Version: 6.1
131b10.758: SizeOfImage: 0x19f000 (1699840)
141b10.758: Resource Dir: 0x142000 LB 0x5a028
151b10.758: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
161b10.758: [Raw version resource data: 0x1420f0 LB 0x380, codepage 0x0 (reserved 0x0)]
171b10.758: ProductName: Microsoft® Windows® Operating System
181b10.758: ProductVersion: 6.1.7601.24024
191b10.758: FileVersion: 6.1.7601.24024 (win7sp1_ldr.180112-0600)
201b10.758: FileDescription: NT Layer DLL
211b10.758: \SystemRoot\System32\kernel32.dll:
221b10.758: CreationTime: 2018-02-28T09:22:09.359545400Z
231b10.758: LastWriteTime: 2018-01-12T16:40:45.086000000Z
241b10.758: ChangeTime: 2018-02-28T13:40:37.391816200Z
251b10.758: FileAttributes: 0x20
261b10.758: Size: 0x11c000
271b10.758: NT Headers: 0xe0
281b10.758: Timestamp: 0x5a58e5b6
291b10.758: Machine: 0x8664 - amd64
301b10.758: Timestamp: 0x5a58e5b6
311b10.758: Image Version: 6.1
321b10.758: SizeOfImage: 0x11f000 (1175552)
331b10.758: Resource Dir: 0x116000 LB 0x528
341b10.758: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
351b10.758: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
361b10.758: ProductName: Microsoft® Windows® Operating System
371b10.758: ProductVersion: 6.1.7601.24024
381b10.758: FileVersion: 6.1.7601.24024 (win7sp1_ldr.180112-0600)
391b10.758: FileDescription: Windows NT BASE API Client DLL
401b10.758: \SystemRoot\System32\KernelBase.dll:
411b10.758: CreationTime: 2018-02-28T09:22:31.322045400Z
421b10.758: LastWriteTime: 2018-01-12T16:40:45.086000000Z
431b10.758: ChangeTime: 2018-02-28T13:40:37.360618000Z
441b10.758: FileAttributes: 0x20
451b10.758: Size: 0x66800
461b10.758: NT Headers: 0xe8
471b10.758: Timestamp: 0x5a58e5b7
481b10.758: Machine: 0x8664 - amd64
491b10.758: Timestamp: 0x5a58e5b7
501b10.758: Image Version: 6.1
511b10.758: SizeOfImage: 0x6a000 (434176)
521b10.758: Resource Dir: 0x68000 LB 0x530
531b10.758: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
541b10.758: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
551b10.758: ProductName: Microsoft® Windows® Operating System
561b10.758: ProductVersion: 6.1.7601.24024
571b10.758: FileVersion: 6.1.7601.24024 (win7sp1_ldr.180112-0600)
581b10.758: FileDescription: Windows NT BASE API Client DLL
591b10.758: \SystemRoot\System32\apisetschema.dll:
601b10.758: CreationTime: 2018-02-28T09:22:37.851545400Z
611b10.758: LastWriteTime: 2018-01-12T16:40:40.796000000Z
621b10.758: ChangeTime: 2018-02-28T13:40:35.894302600Z
631b10.758: FileAttributes: 0x20
641b10.758: Size: 0x1a00
651b10.758: NT Headers: 0xc0
661b10.758: Timestamp: 0x5a58e551
671b10.758: Machine: 0x8664 - amd64
681b10.758: Timestamp: 0x5a58e551
691b10.758: Image Version: 6.1
701b10.758: SizeOfImage: 0x50000 (327680)
711b10.758: Resource Dir: 0x30000 LB 0x3f8
721b10.758: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
731b10.758: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
741b10.758: ProductName: Microsoft® Windows® Operating System
751b10.758: ProductVersion: 6.1.7601.24024
761b10.758: FileVersion: 6.1.7601.24024 (win7sp1_ldr.180112-0600)
771b10.758: FileDescription: ApiSet Schema DLL
781b10.758: NtOpenDirectoryObject failed on \Driver: 0xc0000022
791b10.758: supR3HardenedWinFindAdversaries: 0x8
801b10.758: \SystemRoot\System32\drivers\tmcomm.sys:
811b10.758: CreationTime: 2016-11-04T09:40:52.000000000Z
821b10.758: LastWriteTime: 2017-04-06T23:40:56.000000000Z
831b10.758: ChangeTime: 2017-09-27T03:55:47.890352500Z
841b10.758: FileAttributes: 0x20
851b10.758: Size: 0x6a2d0
861b10.758: NT Headers: 0x100
871b10.758: Timestamp: 0x58ddbfff
881b10.758: Machine: 0x8664 - amd64
891b10.758: Timestamp: 0x58ddbfff
901b10.758: Image Version: 10.0
911b10.758: SizeOfImage: 0x6c000 (442368)
921b10.758: Resource Dir: 0x6a000 LB 0x568
931b10.758: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
941b10.758: [Raw version resource data: 0x6a060 LB 0x504, codepage 0x0 (reserved 0x0)]
951b10.758: ProductName: Trend Micro Eyes
961b10.758: ProductVersion: 7.0
971b10.758: FileVersion: 7.0.0.1126
981b10.758: SpecialBuild: 1126
991b10.758: PrivateBuild: Build 1126 - 3/31/2017
1001b10.758: FileDescription: TrendMicro Common Module
1011b10.758: \SystemRoot\System32\drivers\tmactmon.sys:
1021b10.758: CreationTime: 2016-11-04T11:09:48.000000000Z
1031b10.758: LastWriteTime: 2017-07-03T03:54:50.000000000Z
1041b10.758: ChangeTime: 2017-09-27T03:55:47.890352500Z
1051b10.758: FileAttributes: 0x20
1061b10.758: Size: 0x20878
1071b10.758: NT Headers: 0xe0
1081b10.758: Timestamp: 0x594cad7a
1091b10.758: Machine: 0x8664 - amd64
1101b10.758: Timestamp: 0x594cad7a
1111b10.758: Image Version: 6.0
1121b10.758: SizeOfImage: 0x24000 (147456)
1131b10.758: Resource Dir: 0x22000 LB 0x590
1141b10.758: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1151b10.758: [Raw version resource data: 0x22060 LB 0x52c, codepage 0x0 (reserved 0x0)]
1161b10.758: ProductName: Trend Micro AEGIS
1171b10.758: ProductVersion: 2.976
1181b10.758: FileVersion: 2.976.0.1207
1191b10.758: SpecialBuild: 1207
1201b10.758: PrivateBuild: Build 1207 - 6/23/2017
1211b10.758: FileDescription: TrendMicro Activity Monitor Module
1221b10.758: \SystemRoot\System32\drivers\tmevtmgr.sys:
1231b10.758: CreationTime: 2016-11-04T11:12:38.000000000Z
1241b10.758: LastWriteTime: 2017-07-03T03:54:42.000000000Z
1251b10.758: ChangeTime: 2017-09-27T03:55:47.905952600Z
1261b10.758: FileAttributes: 0x20
1271b10.758: Size: 0x17060
1281b10.758: NT Headers: 0xe0
1291b10.758: Timestamp: 0x594cad71
1301b10.758: Machine: 0x8664 - amd64
1311b10.758: Timestamp: 0x594cad71
1321b10.758: Image Version: 6.0
1331b10.758: SizeOfImage: 0x17000 (94208)
1341b10.758: Resource Dir: 0x15000 LB 0x590
1351b10.758: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1361b10.758: [Raw version resource data: 0x15060 LB 0x52c, codepage 0x0 (reserved 0x0)]
1371b10.758: ProductName: Trend Micro AEGIS
1381b10.758: ProductVersion: 2.976
1391b10.758: FileVersion: 2.976.0.1207
1401b10.758: SpecialBuild: 1207
1411b10.758: PrivateBuild: Build 1207 - 6/23/2017
1421b10.758: FileDescription: TrendMicro Event Management Module
1431b10.758: \SystemRoot\System32\drivers\tmebc64.sys:
1441b10.758: CreationTime: 2015-11-19T13:58:04.000000000Z
1451b10.758: LastWriteTime: 2015-11-19T13:58:04.000000000Z
1461b10.758: ChangeTime: 2018-03-15T10:03:06.838722700Z
1471b10.758: FileAttributes: 0x20
1481b10.758: Size: 0x11b38
1491b10.758: NT Headers: 0xf8
1501b10.758: Timestamp: 0x564ac673
1511b10.758: Machine: 0x8664 - amd64
1521b10.758: Timestamp: 0x564ac673
1531b10.758: Image Version: 6.0
1541b10.758: SizeOfImage: 0x12000 (73728)
1551b10.758: Resource Dir: 0x10000 LB 0x6f8
1561b10.758: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1571b10.758: [Raw version resource data: 0x10060 LB 0x694, codepage 0x0 (reserved 0x0)]
1581b10.758: ProductName: Trend Micro Early Boot Clean
1591b10.758: ProductVersion: 1.5
1601b10.758: FileVersion: 1.5.0.1023
1611b10.758: SpecialBuild: 1023
1621b10.758: PrivateBuild: Build 1023 - 11/17/2015
1631b10.758: FileDescription: Trend Micro early boot driver
1641b10.758: \SystemRoot\System32\drivers\tmeevw.sys:
1651b10.758: CreationTime: 2015-06-08T11:54:40.000000000Z
1661b10.758: LastWriteTime: 2017-05-11T16:52:26.000000000Z
1671b10.758: ChangeTime: 2017-11-02T10:52:09.780610200Z
1681b10.758: FileAttributes: 0x20
1691b10.758: Size: 0x1f478
1701b10.758: NT Headers: 0xf0
1711b10.758: Timestamp: 0x59094418
1721b10.758: Machine: 0x8664 - amd64
1731b10.758: Timestamp: 0x59094418
1741b10.758: Image Version: 6.1
1751b10.758: SizeOfImage: 0x1f000 (126976)
1761b10.758: Resource Dir: 0x1a000 LB 0x3854
1771b10.758: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1781b10.758: [Raw version resource data: 0x1d36c LB 0x4e8, codepage 0x4e4 (reserved 0x0)]
1791b10.758: ProductName: Trend Micro EagleEye
1801b10.758: ProductVersion: 2.0
1811b10.758: FileVersion: 2.0.0.1039
1821b10.758: SpecialBuild: 1039
1831b10.758: PrivateBuild: Build 1039 - 5/3/2017
1841b10.758: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
1851b10.758: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1861b10.758: Calling main()
1871b10.758: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1881b10.758: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1891b10.758: SUPR3HardenedMain: Respawn #1
1901b10.758: System32: \Device\HarddiskVolume2\Windows\System32
1911b10.758: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1921b10.758: KnownDllPath: C:\WINDOWS\system32
1931b10.758: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1941b10.758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1951b10.758: supR3HardNtEnableThreadCreation:
1961b10.758: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077083740 pvNtTerminateThread=00000000770a9dd0
1971b10.758: supR3HardenedWinDoReSpawn(1): New child 237c.1394 [kernel32].
1981b10.758: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
1991b10.758: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077040000 uNtDllChildAddr=0000000077040000
2001b10.758: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077083740
2011b10.758: supR3HardenedWinSetupChildInit: Start child.
2021b10.758: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2031b10.758: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
2041b10.758: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2051b10.758: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
2061b10.758: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
2071b10.758: *0000000000030000-000000000012bfff 0x0000/0x0004 0x0020000
2081b10.758: 000000000012c000-000000000012dfff 0x0104/0x0004 0x0020000
2091b10.758: 000000000012e000-000000000012ffff 0x0004/0x0004 0x0020000
2101b10.758: *0000000000130000-0000000000133fff 0x0002/0x0002 0x0040000
2111b10.758: 0000000000134000-000000000013ffff 0x0001/0x0000 0x0000000
2121b10.758: *0000000000140000-0000000000140fff 0x0004/0x0004 0x0020000
2131b10.758: 0000000000141000-000000007703ffff 0x0001/0x0000 0x0000000
2141b10.758: *0000000077040000-0000000077040fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2151b10.758: 0000000077041000-0000000077164fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2161b10.758: 0000000077165000-000000007716afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2171b10.758: 000000007716b000-000000007716bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2181b10.758: 000000007716c000-0000000077173fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2191b10.758: 0000000077174000-00000000771defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2201b10.758: 00000000771df000-000000007efdffff 0x0001/0x0000 0x0000000
2211b10.758: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
2221b10.758: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2231b10.758: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2241b10.758: 000000007fff0000-000000013f41ffff 0x0001/0x0000 0x0000000
2251b10.758: *000000013f420000-000000013f420fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2261b10.758: 000000013f421000-000000013f491fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2271b10.758: 000000013f492000-000000013f492fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2281b10.758: 000000013f493000-000000013f4d8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2291b10.758: 000000013f4d9000-000000013f4d9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2301b10.758: 000000013f4da000-000000013f4dafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2311b10.758: 000000013f4db000-000000013f4dffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2321b10.758: 000000013f4e0000-000000013f4e0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2331b10.758: 000000013f4e1000-000000013f4e1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2341b10.758: 000000013f4e2000-000000013f4e5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2351b10.758: 000000013f4e6000-000000013f52dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2361b10.758: 000000013f52e000-000007feff33ffff 0x0001/0x0000 0x0000000
2371b10.758: *000007feff340000-000007feff340fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
2381b10.758: 000007feff341000-000007fffffaffff 0x0001/0x0000 0x0000000
2391b10.758: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
2401b10.758: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
2411b10.758: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
2421b10.758: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
2431b10.758: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
2441b10.758: apisetschema.dll: timestamp 0x5a58e551 (rc=VINF_SUCCESS)
2451b10.758: VirtualBox.exe: timestamp 0x5a942b95 (rc=VINF_SUCCESS)
2461b10.758: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2471b10.758: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
2481b10.758: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2491b10.758: supR3HardNtChildPurify: Done after 556 ms and 0 fixes (loop #0).
250237c.1394: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
251237c.1394: supR3HardenedVmProcessInit: uNtDllAddr=0000000077040000 g_uNtVerCombined=0x611db100
252237c.1394: ntdll.dll: timestamp 0x5a58e571 (rc=VINF_SUCCESS)
253237c.1394: New simple heap: #1 0000000000250000 LB 0x400000 (for 1699840 allocation)
2541b10.758: supR3HardNtEnableThreadCreation:
255237c.1394: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
256237c.1394: System32: \Device\HarddiskVolume2\Windows\System32
257237c.1394: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
258237c.1394: KnownDllPath: C:\WINDOWS\system32
259237c.1394: supR3HardenedVmProcessInit: Opening vboxdrv stub...
260237c.1394: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
261237c.1394: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
262237c.1394: Registered Dll notification callback with NTDLL.
263237c.1394: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
264237c.1394: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
265237c.1394: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
266237c.1394: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
267237c.1394: supR3HardenedDllNotificationCallback: load 0000000076e20000 LB 0x0011f000 C:\WINDOWS\system32\kernel32.dll [fFlags=0x0]
268237c.1394: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
269237c.1394: supR3HardenedDllNotificationCallback: load 000007fefd060000 LB 0x0006a000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
270237c.1394: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
271237c.1394: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
272237c.1394: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e20000 'C:\WINDOWS\system32\kernel32.dll'
273237c.1394: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077083740 pvNtTerminateThread=00000000770a9dd0
2741b10.758: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 28 ms.
275237c.1394: \SystemRoot\System32\ntdll.dll:
276237c.1394: CreationTime: 2018-02-28T09:22:08.990045400Z
277237c.1394: LastWriteTime: 2018-01-12T16:33:04.553127000Z
278237c.1394: ChangeTime: 2018-02-28T13:40:36.034694500Z
279237c.1394: FileAttributes: 0x20
280237c.1394: Size: 0x196968
281237c.1394: NT Headers: 0xe0
282237c.1394: Timestamp: 0x5a58e571
283237c.1394: Machine: 0x8664 - amd64
284237c.1394: Timestamp: 0x5a58e571
285237c.1394: Image Version: 6.1
286237c.1394: SizeOfImage: 0x19f000 (1699840)
287237c.1394: Resource Dir: 0x142000 LB 0x5a028
288237c.1394: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
289237c.1394: [Raw version resource data: 0x1420f0 LB 0x380, codepage 0x0 (reserved 0x0)]
290237c.1394: ProductName: Microsoft® Windows® Operating System
291237c.1394: ProductVersion: 6.1.7601.24024
292237c.1394: FileVersion: 6.1.7601.24024 (win7sp1_ldr.180112-0600)
293237c.1394: FileDescription: NT Layer DLL
294237c.1394: \SystemRoot\System32\kernel32.dll:
295237c.1394: CreationTime: 2018-02-28T09:22:09.359545400Z
296237c.1394: LastWriteTime: 2018-01-12T16:40:45.086000000Z
297237c.1394: ChangeTime: 2018-02-28T13:40:37.391816200Z
298237c.1394: FileAttributes: 0x20
299237c.1394: Size: 0x11c000
300237c.1394: NT Headers: 0xe0
301237c.1394: Timestamp: 0x5a58e5b6
302237c.1394: Machine: 0x8664 - amd64
303237c.1394: Timestamp: 0x5a58e5b6
304237c.1394: Image Version: 6.1
305237c.1394: SizeOfImage: 0x11f000 (1175552)
306237c.1394: Resource Dir: 0x116000 LB 0x528
307237c.1394: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
308237c.1394: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
309237c.1394: ProductName: Microsoft® Windows® Operating System
310237c.1394: ProductVersion: 6.1.7601.24024
311237c.1394: FileVersion: 6.1.7601.24024 (win7sp1_ldr.180112-0600)
312237c.1394: FileDescription: Windows NT BASE API Client DLL
313237c.1394: \SystemRoot\System32\KernelBase.dll:
314237c.1394: CreationTime: 2018-02-28T09:22:31.322045400Z
315237c.1394: LastWriteTime: 2018-01-12T16:40:45.086000000Z
316237c.1394: ChangeTime: 2018-02-28T13:40:37.360618000Z
317237c.1394: FileAttributes: 0x20
318237c.1394: Size: 0x66800
319237c.1394: NT Headers: 0xe8
320237c.1394: Timestamp: 0x5a58e5b7
321237c.1394: Machine: 0x8664 - amd64
322237c.1394: Timestamp: 0x5a58e5b7
323237c.1394: Image Version: 6.1
324237c.1394: SizeOfImage: 0x6a000 (434176)
325237c.1394: Resource Dir: 0x68000 LB 0x530
326237c.1394: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
327237c.1394: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
328237c.1394: ProductName: Microsoft® Windows® Operating System
329237c.1394: ProductVersion: 6.1.7601.24024
330237c.1394: FileVersion: 6.1.7601.24024 (win7sp1_ldr.180112-0600)
331237c.1394: FileDescription: Windows NT BASE API Client DLL
332237c.1394: \SystemRoot\System32\apisetschema.dll:
333237c.1394: CreationTime: 2018-02-28T09:22:37.851545400Z
334237c.1394: LastWriteTime: 2018-01-12T16:40:40.796000000Z
335237c.1394: ChangeTime: 2018-02-28T13:40:35.894302600Z
336237c.1394: FileAttributes: 0x20
337237c.1394: Size: 0x1a00
338237c.1394: NT Headers: 0xc0
339237c.1394: Timestamp: 0x5a58e551
340237c.1394: Machine: 0x8664 - amd64
341237c.1394: Timestamp: 0x5a58e551
342237c.1394: Image Version: 6.1
343237c.1394: SizeOfImage: 0x50000 (327680)
344237c.1394: Resource Dir: 0x30000 LB 0x3f8
345237c.1394: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
346237c.1394: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
347237c.1394: ProductName: Microsoft® Windows® Operating System
348237c.1394: ProductVersion: 6.1.7601.24024
349237c.1394: FileVersion: 6.1.7601.24024 (win7sp1_ldr.180112-0600)
350237c.1394: FileDescription: ApiSet Schema DLL
351237c.1394: NtOpenDirectoryObject failed on \Driver: 0xc0000022
352237c.1394: supR3HardenedWinFindAdversaries: 0x8
353237c.1394: \SystemRoot\System32\drivers\tmcomm.sys:
354237c.1394: CreationTime: 2016-11-04T09:40:52.000000000Z
355237c.1394: LastWriteTime: 2017-04-06T23:40:56.000000000Z
356237c.1394: ChangeTime: 2017-09-27T03:55:47.890352500Z
357237c.1394: FileAttributes: 0x20
358237c.1394: Size: 0x6a2d0
359237c.1394: NT Headers: 0x100
360237c.1394: Timestamp: 0x58ddbfff
361237c.1394: Machine: 0x8664 - amd64
362237c.1394: Timestamp: 0x58ddbfff
363237c.1394: Image Version: 10.0
364237c.1394: SizeOfImage: 0x6c000 (442368)
365237c.1394: Resource Dir: 0x6a000 LB 0x568
366237c.1394: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
367237c.1394: [Raw version resource data: 0x6a060 LB 0x504, codepage 0x0 (reserved 0x0)]
368237c.1394: ProductName: Trend Micro Eyes
369237c.1394: ProductVersion: 7.0
370237c.1394: FileVersion: 7.0.0.1126
371237c.1394: SpecialBuild: 1126
372237c.1394: PrivateBuild: Build 1126 - 3/31/2017
373237c.1394: FileDescription: TrendMicro Common Module
374237c.1394: \SystemRoot\System32\drivers\tmactmon.sys:
375237c.1394: CreationTime: 2016-11-04T11:09:48.000000000Z
376237c.1394: LastWriteTime: 2017-07-03T03:54:50.000000000Z
377237c.1394: ChangeTime: 2017-09-27T03:55:47.890352500Z
378237c.1394: FileAttributes: 0x20
379237c.1394: Size: 0x20878
380237c.1394: NT Headers: 0xe0
381237c.1394: Timestamp: 0x594cad7a
382237c.1394: Machine: 0x8664 - amd64
383237c.1394: Timestamp: 0x594cad7a
384237c.1394: Image Version: 6.0
385237c.1394: SizeOfImage: 0x24000 (147456)
386237c.1394: Resource Dir: 0x22000 LB 0x590
387237c.1394: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
388237c.1394: [Raw version resource data: 0x22060 LB 0x52c, codepage 0x0 (reserved 0x0)]
389237c.1394: ProductName: Trend Micro AEGIS
390237c.1394: ProductVersion: 2.976
391237c.1394: FileVersion: 2.976.0.1207
392237c.1394: SpecialBuild: 1207
393237c.1394: PrivateBuild: Build 1207 - 6/23/2017
394237c.1394: FileDescription: TrendMicro Activity Monitor Module
395237c.1394: \SystemRoot\System32\drivers\tmevtmgr.sys:
396237c.1394: CreationTime: 2016-11-04T11:12:38.000000000Z
397237c.1394: LastWriteTime: 2017-07-03T03:54:42.000000000Z
398237c.1394: ChangeTime: 2017-09-27T03:55:47.905952600Z
399237c.1394: FileAttributes: 0x20
400237c.1394: Size: 0x17060
401237c.1394: NT Headers: 0xe0
402237c.1394: Timestamp: 0x594cad71
403237c.1394: Machine: 0x8664 - amd64
404237c.1394: Timestamp: 0x594cad71
405237c.1394: Image Version: 6.0
406237c.1394: SizeOfImage: 0x17000 (94208)
407237c.1394: Resource Dir: 0x15000 LB 0x590
408237c.1394: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
409237c.1394: [Raw version resource data: 0x15060 LB 0x52c, codepage 0x0 (reserved 0x0)]
410237c.1394: ProductName: Trend Micro AEGIS
411237c.1394: ProductVersion: 2.976
412237c.1394: FileVersion: 2.976.0.1207
413237c.1394: SpecialBuild: 1207
414237c.1394: PrivateBuild: Build 1207 - 6/23/2017
415237c.1394: FileDescription: TrendMicro Event Management Module
416237c.1394: \SystemRoot\System32\drivers\tmebc64.sys:
417237c.1394: CreationTime: 2015-11-19T13:58:04.000000000Z
418237c.1394: LastWriteTime: 2015-11-19T13:58:04.000000000Z
419237c.1394: ChangeTime: 2018-03-15T10:03:06.838722700Z
420237c.1394: FileAttributes: 0x20
421237c.1394: Size: 0x11b38
422237c.1394: NT Headers: 0xf8
423237c.1394: Timestamp: 0x564ac673
424237c.1394: Machine: 0x8664 - amd64
425237c.1394: Timestamp: 0x564ac673
426237c.1394: Image Version: 6.0
427237c.1394: SizeOfImage: 0x12000 (73728)
428237c.1394: Resource Dir: 0x10000 LB 0x6f8
429237c.1394: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
430237c.1394: [Raw version resource data: 0x10060 LB 0x694, codepage 0x0 (reserved 0x0)]
431237c.1394: ProductName: Trend Micro Early Boot Clean
432237c.1394: ProductVersion: 1.5
433237c.1394: FileVersion: 1.5.0.1023
434237c.1394: SpecialBuild: 1023
435237c.1394: PrivateBuild: Build 1023 - 11/17/2015
436237c.1394: FileDescription: Trend Micro early boot driver
437237c.1394: \SystemRoot\System32\drivers\tmeevw.sys:
438237c.1394: CreationTime: 2015-06-08T11:54:40.000000000Z
439237c.1394: LastWriteTime: 2017-05-11T16:52:26.000000000Z
440237c.1394: ChangeTime: 2017-11-02T10:52:09.780610200Z
441237c.1394: FileAttributes: 0x20
442237c.1394: Size: 0x1f478
443237c.1394: NT Headers: 0xf0
444237c.1394: Timestamp: 0x59094418
445237c.1394: Machine: 0x8664 - amd64
446237c.1394: Timestamp: 0x59094418
447237c.1394: Image Version: 6.1
448237c.1394: SizeOfImage: 0x1f000 (126976)
449237c.1394: Resource Dir: 0x1a000 LB 0x3854
450237c.1394: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
451237c.1394: [Raw version resource data: 0x1d36c LB 0x4e8, codepage 0x4e4 (reserved 0x0)]
452237c.1394: ProductName: Trend Micro EagleEye
453237c.1394: ProductVersion: 2.0
454237c.1394: FileVersion: 2.0.0.1039
455237c.1394: SpecialBuild: 1039
456237c.1394: PrivateBuild: Build 1039 - 5/3/2017
457237c.1394: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
458237c.1394: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
459237c.1394: Calling main()
460237c.1394: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
461237c.1394: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
462237c.1394: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
463237c.1394: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
464237c.1394: SUPR3HardenedMain: Respawn #2
465237c.1394: supR3HardNtEnableThreadCreation:
466237c.1394: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
467237c.1394: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
468237c.1394: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
469237c.1394: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
470237c.1394: supR3HardenedDllNotificationCallback: load 000007fefcb00000 LB 0x00057000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
471237c.1394: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
472237c.1394: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb00000 'C:\WINDOWS\system32\apphelp.dll'
473237c.1394: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077083740 pvNtTerminateThread=00000000770a9dd0
474237c.1394: supR3HardenedWinDoReSpawn(2): New child 1cd0.2358 [kernel32].
475237c.1394: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
476237c.1394: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077040000 uNtDllChildAddr=0000000077040000
477237c.1394: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077083740
478237c.1394: supR3HardenedWinSetupChildInit: Start child.
479237c.1394: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
480237c.1394: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
481237c.1394: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
482237c.1394: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
483237c.1394: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
484237c.1394: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
485237c.1394: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
486237c.1394: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
487237c.1394: 0000000000041000-000000000019ffff 0x0001/0x0000 0x0000000
488237c.1394: *00000000001a0000-000000000029bfff 0x0000/0x0004 0x0020000
489237c.1394: 000000000029c000-000000000029dfff 0x0104/0x0004 0x0020000
490237c.1394: 000000000029e000-000000000029ffff 0x0004/0x0004 0x0020000
491237c.1394: 00000000002a0000-000000007703ffff 0x0001/0x0000 0x0000000
492237c.1394: *0000000077040000-0000000077040fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
493237c.1394: 0000000077041000-0000000077164fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
494237c.1394: 0000000077165000-000000007716afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
495237c.1394: 000000007716b000-000000007716bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
496237c.1394: 000000007716c000-0000000077173fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
497237c.1394: 0000000077174000-00000000771defff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
498237c.1394: 00000000771df000-000000007efdffff 0x0001/0x0000 0x0000000
499237c.1394: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
500237c.1394: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
501237c.1394: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
502237c.1394: 000000007fff0000-000000013f41ffff 0x0001/0x0000 0x0000000
503237c.1394: *000000013f420000-000000013f420fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
504237c.1394: 000000013f421000-000000013f491fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
505237c.1394: 000000013f492000-000000013f492fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
506237c.1394: 000000013f493000-000000013f4d8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
507237c.1394: 000000013f4d9000-000000013f4d9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
508237c.1394: 000000013f4da000-000000013f4dafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
509237c.1394: 000000013f4db000-000000013f4dffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
510237c.1394: 000000013f4e0000-000000013f4e0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
511237c.1394: 000000013f4e1000-000000013f4e1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
512237c.1394: 000000013f4e2000-000000013f4e5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
513237c.1394: 000000013f4e6000-000000013f52dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
514237c.1394: 000000013f52e000-000007feff33ffff 0x0001/0x0000 0x0000000
515237c.1394: *000007feff340000-000007feff340fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
516237c.1394: 000007feff341000-000007fffffaffff 0x0001/0x0000 0x0000000
517237c.1394: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
518237c.1394: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
519237c.1394: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
520237c.1394: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
521237c.1394: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
522237c.1394: apisetschema.dll: timestamp 0x5a58e551 (rc=VINF_SUCCESS)
523237c.1394: VirtualBox.exe: timestamp 0x5a942b95 (rc=VINF_SUCCESS)
524237c.1394: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
525237c.1394: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
526237c.1394: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
527237c.1394: supR3HardNtChildPurify: Done after 575 ms and 0 fixes (loop #0).
5281cd0.2358: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
5291cd0.2358: supR3HardenedVmProcessInit: uNtDllAddr=0000000077040000 g_uNtVerCombined=0x611db100
530237c.1394: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000250000 LB 0x400000)
531237c.1394: supR3HardNtEnableThreadCreation:
5321cd0.2358: ntdll.dll: timestamp 0x5a58e571 (rc=VINF_SUCCESS)
5331cd0.2358: New simple heap: #1 00000000002a0000 LB 0x400000 (for 1699840 allocation)
5341cd0.2358: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
5351cd0.2358: System32: \Device\HarddiskVolume2\Windows\System32
5361cd0.2358: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
5371cd0.2358: KnownDllPath: C:\WINDOWS\system32
5381cd0.2358: supR3HardenedVmProcessInit: Opening vboxdrv...
5391cd0.2358: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
5401cd0.2358: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
5411cd0.2358: Registered Dll notification callback with NTDLL.
5421cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
5431cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
5441cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
5451cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5461cd0.2358: supR3HardenedDllNotificationCallback: load 0000000076e20000 LB 0x0011f000 C:\WINDOWS\system32\kernel32.dll [fFlags=0x0]
5471cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5481cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefd060000 LB 0x0006a000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
5491cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
5501cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
5511cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e20000 'C:\WINDOWS\system32\kernel32.dll'
5521cd0.2358: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077083740 pvNtTerminateThread=00000000770a9dd0
553237c.1394: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 52 ms.
5541cd0.2358: \SystemRoot\System32\ntdll.dll:
5551cd0.2358: CreationTime: 2018-02-28T09:22:08.990045400Z
5561cd0.2358: LastWriteTime: 2018-01-12T16:33:04.553127000Z
5571cd0.2358: ChangeTime: 2018-02-28T13:40:36.034694500Z
5581cd0.2358: FileAttributes: 0x20
5591cd0.2358: Size: 0x196968
5601cd0.2358: NT Headers: 0xe0
5611cd0.2358: Timestamp: 0x5a58e571
5621cd0.2358: Machine: 0x8664 - amd64
5631cd0.2358: Timestamp: 0x5a58e571
5641cd0.2358: Image Version: 6.1
5651cd0.2358: SizeOfImage: 0x19f000 (1699840)
5661cd0.2358: Resource Dir: 0x142000 LB 0x5a028
5671cd0.2358: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5681cd0.2358: [Raw version resource data: 0x1420f0 LB 0x380, codepage 0x0 (reserved 0x0)]
5691cd0.2358: ProductName: Microsoft® Windows® Operating System
5701cd0.2358: ProductVersion: 6.1.7601.24024
5711cd0.2358: FileVersion: 6.1.7601.24024 (win7sp1_ldr.180112-0600)
5721cd0.2358: FileDescription: NT Layer DLL
5731cd0.2358: \SystemRoot\System32\kernel32.dll:
5741cd0.2358: CreationTime: 2018-02-28T09:22:09.359545400Z
5751cd0.2358: LastWriteTime: 2018-01-12T16:40:45.086000000Z
5761cd0.2358: ChangeTime: 2018-02-28T13:40:37.391816200Z
5771cd0.2358: FileAttributes: 0x20
5781cd0.2358: Size: 0x11c000
5791cd0.2358: NT Headers: 0xe0
5801cd0.2358: Timestamp: 0x5a58e5b6
5811cd0.2358: Machine: 0x8664 - amd64
5821cd0.2358: Timestamp: 0x5a58e5b6
5831cd0.2358: Image Version: 6.1
5841cd0.2358: SizeOfImage: 0x11f000 (1175552)
5851cd0.2358: Resource Dir: 0x116000 LB 0x528
5861cd0.2358: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
5871cd0.2358: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
5881cd0.2358: ProductName: Microsoft® Windows® Operating System
5891cd0.2358: ProductVersion: 6.1.7601.24024
5901cd0.2358: FileVersion: 6.1.7601.24024 (win7sp1_ldr.180112-0600)
5911cd0.2358: FileDescription: Windows NT BASE API Client DLL
5921cd0.2358: \SystemRoot\System32\KernelBase.dll:
5931cd0.2358: CreationTime: 2018-02-28T09:22:31.322045400Z
5941cd0.2358: LastWriteTime: 2018-01-12T16:40:45.086000000Z
5951cd0.2358: ChangeTime: 2018-02-28T13:40:37.360618000Z
5961cd0.2358: FileAttributes: 0x20
5971cd0.2358: Size: 0x66800
5981cd0.2358: NT Headers: 0xe8
5991cd0.2358: Timestamp: 0x5a58e5b7
6001cd0.2358: Machine: 0x8664 - amd64
6011cd0.2358: Timestamp: 0x5a58e5b7
6021cd0.2358: Image Version: 6.1
6031cd0.2358: SizeOfImage: 0x6a000 (434176)
6041cd0.2358: Resource Dir: 0x68000 LB 0x530
6051cd0.2358: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6061cd0.2358: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
6071cd0.2358: ProductName: Microsoft® Windows® Operating System
6081cd0.2358: ProductVersion: 6.1.7601.24024
6091cd0.2358: FileVersion: 6.1.7601.24024 (win7sp1_ldr.180112-0600)
6101cd0.2358: FileDescription: Windows NT BASE API Client DLL
6111cd0.2358: \SystemRoot\System32\apisetschema.dll:
6121cd0.2358: CreationTime: 2018-02-28T09:22:37.851545400Z
6131cd0.2358: LastWriteTime: 2018-01-12T16:40:40.796000000Z
6141cd0.2358: ChangeTime: 2018-02-28T13:40:35.894302600Z
6151cd0.2358: FileAttributes: 0x20
6161cd0.2358: Size: 0x1a00
6171cd0.2358: NT Headers: 0xc0
6181cd0.2358: Timestamp: 0x5a58e551
6191cd0.2358: Machine: 0x8664 - amd64
6201cd0.2358: Timestamp: 0x5a58e551
6211cd0.2358: Image Version: 6.1
6221cd0.2358: SizeOfImage: 0x50000 (327680)
6231cd0.2358: Resource Dir: 0x30000 LB 0x3f8
6241cd0.2358: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6251cd0.2358: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
6261cd0.2358: ProductName: Microsoft® Windows® Operating System
6271cd0.2358: ProductVersion: 6.1.7601.24024
6281cd0.2358: FileVersion: 6.1.7601.24024 (win7sp1_ldr.180112-0600)
6291cd0.2358: FileDescription: ApiSet Schema DLL
6301cd0.2358: NtOpenDirectoryObject failed on \Driver: 0xc0000022
6311cd0.2358: supR3HardenedWinFindAdversaries: 0x8
6321cd0.2358: \SystemRoot\System32\drivers\tmcomm.sys:
6331cd0.2358: CreationTime: 2016-11-04T09:40:52.000000000Z
6341cd0.2358: LastWriteTime: 2017-04-06T23:40:56.000000000Z
6351cd0.2358: ChangeTime: 2017-09-27T03:55:47.890352500Z
6361cd0.2358: FileAttributes: 0x20
6371cd0.2358: Size: 0x6a2d0
6381cd0.2358: NT Headers: 0x100
6391cd0.2358: Timestamp: 0x58ddbfff
6401cd0.2358: Machine: 0x8664 - amd64
6411cd0.2358: Timestamp: 0x58ddbfff
6421cd0.2358: Image Version: 10.0
6431cd0.2358: SizeOfImage: 0x6c000 (442368)
6441cd0.2358: Resource Dir: 0x6a000 LB 0x568
6451cd0.2358: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6461cd0.2358: [Raw version resource data: 0x6a060 LB 0x504, codepage 0x0 (reserved 0x0)]
6471cd0.2358: ProductName: Trend Micro Eyes
6481cd0.2358: ProductVersion: 7.0
6491cd0.2358: FileVersion: 7.0.0.1126
6501cd0.2358: SpecialBuild: 1126
6511cd0.2358: PrivateBuild: Build 1126 - 3/31/2017
6521cd0.2358: FileDescription: TrendMicro Common Module
6531cd0.2358: \SystemRoot\System32\drivers\tmactmon.sys:
6541cd0.2358: CreationTime: 2016-11-04T11:09:48.000000000Z
6551cd0.2358: LastWriteTime: 2017-07-03T03:54:50.000000000Z
6561cd0.2358: ChangeTime: 2017-09-27T03:55:47.890352500Z
6571cd0.2358: FileAttributes: 0x20
6581cd0.2358: Size: 0x20878
6591cd0.2358: NT Headers: 0xe0
6601cd0.2358: Timestamp: 0x594cad7a
6611cd0.2358: Machine: 0x8664 - amd64
6621cd0.2358: Timestamp: 0x594cad7a
6631cd0.2358: Image Version: 6.0
6641cd0.2358: SizeOfImage: 0x24000 (147456)
6651cd0.2358: Resource Dir: 0x22000 LB 0x590
6661cd0.2358: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6671cd0.2358: [Raw version resource data: 0x22060 LB 0x52c, codepage 0x0 (reserved 0x0)]
6681cd0.2358: ProductName: Trend Micro AEGIS
6691cd0.2358: ProductVersion: 2.976
6701cd0.2358: FileVersion: 2.976.0.1207
6711cd0.2358: SpecialBuild: 1207
6721cd0.2358: PrivateBuild: Build 1207 - 6/23/2017
6731cd0.2358: FileDescription: TrendMicro Activity Monitor Module
6741cd0.2358: \SystemRoot\System32\drivers\tmevtmgr.sys:
6751cd0.2358: CreationTime: 2016-11-04T11:12:38.000000000Z
6761cd0.2358: LastWriteTime: 2017-07-03T03:54:42.000000000Z
6771cd0.2358: ChangeTime: 2017-09-27T03:55:47.905952600Z
6781cd0.2358: FileAttributes: 0x20
6791cd0.2358: Size: 0x17060
6801cd0.2358: NT Headers: 0xe0
6811cd0.2358: Timestamp: 0x594cad71
6821cd0.2358: Machine: 0x8664 - amd64
6831cd0.2358: Timestamp: 0x594cad71
6841cd0.2358: Image Version: 6.0
6851cd0.2358: SizeOfImage: 0x17000 (94208)
6861cd0.2358: Resource Dir: 0x15000 LB 0x590
6871cd0.2358: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
6881cd0.2358: [Raw version resource data: 0x15060 LB 0x52c, codepage 0x0 (reserved 0x0)]
6891cd0.2358: ProductName: Trend Micro AEGIS
6901cd0.2358: ProductVersion: 2.976
6911cd0.2358: FileVersion: 2.976.0.1207
6921cd0.2358: SpecialBuild: 1207
6931cd0.2358: PrivateBuild: Build 1207 - 6/23/2017
6941cd0.2358: FileDescription: TrendMicro Event Management Module
6951cd0.2358: \SystemRoot\System32\drivers\tmebc64.sys:
6961cd0.2358: CreationTime: 2015-11-19T13:58:04.000000000Z
6971cd0.2358: LastWriteTime: 2015-11-19T13:58:04.000000000Z
6981cd0.2358: ChangeTime: 2018-03-15T10:03:06.838722700Z
6991cd0.2358: FileAttributes: 0x20
7001cd0.2358: Size: 0x11b38
7011cd0.2358: NT Headers: 0xf8
7021cd0.2358: Timestamp: 0x564ac673
7031cd0.2358: Machine: 0x8664 - amd64
7041cd0.2358: Timestamp: 0x564ac673
7051cd0.2358: Image Version: 6.0
7061cd0.2358: SizeOfImage: 0x12000 (73728)
7071cd0.2358: Resource Dir: 0x10000 LB 0x6f8
7081cd0.2358: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7091cd0.2358: [Raw version resource data: 0x10060 LB 0x694, codepage 0x0 (reserved 0x0)]
7101cd0.2358: ProductName: Trend Micro Early Boot Clean
7111cd0.2358: ProductVersion: 1.5
7121cd0.2358: FileVersion: 1.5.0.1023
7131cd0.2358: SpecialBuild: 1023
7141cd0.2358: PrivateBuild: Build 1023 - 11/17/2015
7151cd0.2358: FileDescription: Trend Micro early boot driver
7161cd0.2358: \SystemRoot\System32\drivers\tmeevw.sys:
7171cd0.2358: CreationTime: 2015-06-08T11:54:40.000000000Z
7181cd0.2358: LastWriteTime: 2017-05-11T16:52:26.000000000Z
7191cd0.2358: ChangeTime: 2017-11-02T10:52:09.780610200Z
7201cd0.2358: FileAttributes: 0x20
7211cd0.2358: Size: 0x1f478
7221cd0.2358: NT Headers: 0xf0
7231cd0.2358: Timestamp: 0x59094418
7241cd0.2358: Machine: 0x8664 - amd64
7251cd0.2358: Timestamp: 0x59094418
7261cd0.2358: Image Version: 6.1
7271cd0.2358: SizeOfImage: 0x1f000 (126976)
7281cd0.2358: Resource Dir: 0x1a000 LB 0x3854
7291cd0.2358: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7301cd0.2358: [Raw version resource data: 0x1d36c LB 0x4e8, codepage 0x4e4 (reserved 0x0)]
7311cd0.2358: ProductName: Trend Micro EagleEye
7321cd0.2358: ProductVersion: 2.0
7331cd0.2358: FileVersion: 2.0.0.1039
7341cd0.2358: SpecialBuild: 1039
7351cd0.2358: PrivateBuild: Build 1039 - 5/3/2017
7361cd0.2358: FileDescription: Trend Micro EagleEye Driver (VW) (amd64-fre)
7371cd0.2358: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
7381cd0.2358: Calling main()
7391cd0.2358: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
7401cd0.2358: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
7411cd0.2358: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
7421cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
7431cd0.2358: SUPR3HardenedMain: Final process, opening VBoxDrv...
7441cd0.2358: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002a0000 LB 0x400000)
7451cd0.2358: supR3HardNtEnableThreadCreation:
7461cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
7471cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
7481cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029b7b1:<flags> [calling]
7491cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7501cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefa6d0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
7511cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7521cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7531cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000298f31:<flags> [calling]
7541cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
7551cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7561cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000298f31:<flags> [calling]
7571cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
7581cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
7591cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7601cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
7611cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
7621cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
7631cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
7641cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
7651cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7661cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7671cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
7681cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
7691cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
7701cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
7711cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
7721cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
7731cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
7741cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
7751cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7761cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
7771cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
7781cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
7791cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7801cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7811cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
7821cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
7831cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
7841cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
7851cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
7861cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7871cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7881cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7891cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d5c1:<flags> [calling]
7901cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7911cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefcf60000 LB 0x0003b000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
7921cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7931cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefe440000 LB 0x0009f000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
7941cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7951cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefcda0000 LB 0x0016d000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
7961cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7971cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefcd20000 LB 0x0000f000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
7981cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
7991cd0.2358: supR3HardenedDllNotificationCallback: load 000007feff0a0000 LB 0x0012d000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
8001cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8011cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf60000 'C:\WINDOWS\system32\Wintrust.dll'
8021cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
8031cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
8041cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d5c1:<flags> [calling]
8051cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8061cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefc620000 LB 0x00022000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
8071cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8081cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc620000 'C:\WINDOWS\system32\bcrypt.dll'
8091cd0.2358: bcrypt.dll loaded at 000007fefc620000, BCryptOpenAlgorithmProvider at 000007fefc622460, preloading providers:
8101cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
8111cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
8121cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
8131cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
8141cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
8151cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
8161cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8171cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
8181cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
8191cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8201cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
8211cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
8221cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
8231cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8241cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8251cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8261cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8271cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8281cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8291cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d5a1:<flags> [calling]
8301cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
8311cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefc120000 LB 0x0004c000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
8321cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
8331cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefd0d0000 LB 0x000db000 C:\WINDOWS\system32\ADVAPI32.dll [fFlags=0x0]
8341cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8351cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
8361cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
8371cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
8381cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
8391cd0.2358: supR3HardenedDllNotificationCallback: load 000007feff300000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\sechost.dll [fFlags=0x0]
8401cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
8411cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc120000 'C:\WINDOWS\system32\bcryptprimitives.dll'
8421cd0.2358: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000089cb30)
8431cd0.2358: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000089e9f0)
8441cd0.2358: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000089eb20)
8451cd0.2358: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000089ed40)
8461cd0.2358: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000089ee70)
8471cd0.2358: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000089efa0)
8481cd0.2358: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000089f1f0)
8491cd0.2358: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000089f320)
8501cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
8511cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
8521cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8531cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8541cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8551cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8561cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8571cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8581cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d111:<flags> [calling]
8591cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
8601cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefc4d0000 LB 0x00018000 C:\WINDOWS\system32\CRYPTSP.dll [fFlags=0x0]
8611cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
8621cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc4d0000 'C:\WINDOWS\system32\CRYPTSP.dll'
8631cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8641cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
8651cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
8661cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8671cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8681cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8691cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d0a1:<flags> [calling]
8701cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8711cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefc200000 LB 0x00047000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
8721cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8731cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc200000 'C:\WINDOWS\system32\rsaenh.dll'
8741cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8751cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029c931:<flags> [calling]
8761cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0d0000 'C:\WINDOWS\system32\ADVAPI32.dll'
8771cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
8781cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
8791cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029ccb1:<flags> [calling]
8801cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
8811cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefcb60000 LB 0x0000f000 C:\WINDOWS\system32\CRYPTBASE.dll [fFlags=0x0]
8821cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
8831cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb60000 'C:\WINDOWS\system32\CRYPTBASE.dll'
8841cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
8851cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029c6e1:<flags> [calling]
8861cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e20000 'C:\WINDOWS\system32\kernel32.dll'
8871cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8881cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d071:<flags> [calling]
8891cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf60000 'C:\WINDOWS\system32\WINTRUST.DLL'
8901cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8911cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000029cea1:<flags> [calling]
8921cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcda0000 'C:\WINDOWS\system32\CRYPT32.dll'
8931cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8941cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
8951cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
8961cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
8971cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
8981cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
8991cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9001cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9011cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9021cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9031cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029cef1:<flags> [calling]
9041cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
9051cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefe4e0000 LB 0x00019000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
9061cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
9071cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4e0000 'C:\WINDOWS\system32\imagehlp.dll'
9081cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9091cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d041:<flags> [calling]
9101cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc4d0000 'C:\WINDOWS\system32\CRYPTSP.dll'
9111cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
9121cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
9131cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
9141cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9151cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9161cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
9171cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
9181cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
9191cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
9201cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
9211cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
9221cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
9231cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
9241cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
9251cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
9261cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
9271cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9281cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9291cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
9301cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
9311cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
9321cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9331cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
9341cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
9351cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
9361cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
9371cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9381cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9391cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
9401cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9411cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9421cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9431cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9441cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9451cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9461cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9471cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9481cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
9491cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9501cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9511cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9521cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029cb71:<flags> [calling]
9531cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
9541cd0.2358: supR3HardenedDllNotificationCallback: load 0000000076f40000 LB 0x000fa000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0]
9551cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
9561cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefe340000 LB 0x00067000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0]
9571cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9581cd0.2358: supR3HardenedDllNotificationCallback: load 000007feff2f0000 LB 0x0000e000 C:\WINDOWS\system32\LPK.dll [fFlags=0x0]
9591cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
9601cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefe690000 LB 0x000cb000 C:\WINDOWS\system32\USP10.dll [fFlags=0x0]
9611cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
9621cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9631cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029c071:<flags> [calling]
9641cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe340000 'C:\WINDOWS\system32\gdi32.dll'
9651cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
9661cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
9671cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
9681cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
9691cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
9701cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
9711cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
9721cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9731cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
9741cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
9751cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
9761cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
9771cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
9781cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9791cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9801cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9811cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9821cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9831cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
9841cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
9851cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
9861cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
9871cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9881cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9891cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9901cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9911cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9921cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
9931cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9941cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9951cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9961cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029b9b1:<flags> [calling]
9971cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
9981cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefe410000 LB 0x0002e000 C:\WINDOWS\system32\IMM32.DLL [fFlags=0x0]
9991cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
10001cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefd250000 LB 0x00109000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0]
10011cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
10021cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe410000 'C:\WINDOWS\system32\IMM32.DLL'
10031cd0.2358: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll: Owner is administrators group.
10041cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
10051cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
10061cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
10071cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nvinitx.dll)
10081cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll
10091cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10101cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10111cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
10121cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10131cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10141cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10151cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
10161cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
10171cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
10181cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\version.dll)
10191cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
10201cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10211cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10221cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10231cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\nvinitx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029b5c1:<flags> [calling]
10241cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvinitx.dll [lacks WinVerifyTrust]
10251cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefcc40000 LB 0x00031000 C:\WINDOWS\system32\nvinitx.dll [fFlags=0x0]
10261cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvinitx.dll [lacks WinVerifyTrust]
10271cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\version.dll [lacks WinVerifyTrust]
10281cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefcc30000 LB 0x0000c000 C:\WINDOWS\system32\VERSION.dll [fFlags=0x0]
10291cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\version.dll [lacks WinVerifyTrust]
10301cd0.2358: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll: Owner is administrators group.
10311cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll)
10321cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll
10331cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029a021:<flags> [calling]
10341cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [lacks WinVerifyTrust]
10351cd0.2358: supR3HardenedDllNotificationCallback: load 0000000074930000 LB 0x00006000 C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll [fFlags=0x0]
10361cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [lacks WinVerifyTrust]
10371cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000074930000 'C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll'
10381cd0.2358: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll: Owner is administrators group.
10391cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
10401cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
10411cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
10421cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'setupapi.dll'.
10431cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'detoured.dll'.
10441cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll)
10451cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll
10461cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'detoured.dll'...
10471cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'detoured.dll' -> '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll' [rcNtRedir=0xc0150008]
10481cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [lacks WinVerifyTrust]
10491cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
10501cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
10511cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
10521cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
10531cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
10541cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
10551cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
10561cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
10571cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
10581cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)
10591cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
10601cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10611cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10621cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10631cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10641cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10651cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
10661cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10671cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10681cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10691cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
10701cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
10711cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10721cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
10731cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
10741cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
10751cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
10761cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
10771cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
10781cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
10791cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
10801cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
10811cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
10821cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)
10831cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
10841cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10851cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10861cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10871cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10881cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10891cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10901cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10911cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10921cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10931cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10941cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10951cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10961cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
10971cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
10981cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10991cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
11001cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
11011cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
11021cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
11031cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11041cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11051cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11061cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11071cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11081cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11091cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11101cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11111cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11121cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11131cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11141cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11151cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11161cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11171cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
11181cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11191cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11201cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11211cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11221cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11231cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11241cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11251cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11261cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11271cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
11281cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
11291cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
11301cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)
11311cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
11321cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
11331cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
11341cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
11351cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11361cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11371cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11381cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11391cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11401cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11411cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11421cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11431cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
11441cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11451cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11461cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11471cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11481cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11491cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11501cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029a021:<flags> [calling]
11511cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll [lacks WinVerifyTrust]
11521cd0.2358: supR3HardenedDllNotificationCallback: load 000007fef7e60000 LB 0x00031000 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll [fFlags=0x0]
11531cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll [lacks WinVerifyTrust]
11541cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefeb70000 LB 0x001d7000 C:\WINDOWS\system32\SETUPAPI.dll [fFlags=0x0]
11551cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
11561cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefcd50000 LB 0x00036000 C:\WINDOWS\system32\CFGMGR32.dll [fFlags=0x0]
11571cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
11581cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefea90000 LB 0x000da000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0]
11591cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
11601cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefe0f0000 LB 0x001fd000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0]
11611cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust]
11621cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefcd30000 LB 0x0001a000 C:\WINDOWS\system32\DEVOBJ.dll [fFlags=0x0]
11631cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [lacks WinVerifyTrust]
11641cd0.2358: supR3HardenedIsApiSetDll: '<NULL>' -> true
11651cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000299161:<flags> [calling]
11661cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e20000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
11671cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e60000 'C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll'
11681cd0.2358: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll: Owner is administrators group.
11691cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
11701cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'detoured.dll'.
11711cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll)
11721cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll
11731cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'detoured.dll'...
11741cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'detoured.dll' -> '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll' [rcNtRedir=0xc0150008]
11751cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [lacks WinVerifyTrust]
11761cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11771cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11781cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11791cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000299f31:<flags> [calling]
11801cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll [lacks WinVerifyTrust]
11811cd0.2358: supR3HardenedDllNotificationCallback: load 000007fef7de0000 LB 0x00022000 C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll [fFlags=0x0]
11821cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll [lacks WinVerifyTrust]
11831cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7de0000 'C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll'
11841cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc40000 'C:\WINDOWS\system32\nvinitx.dll'
11851cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f40000 'C:\WINDOWS\system32\USER32.dll'
11861cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
11871cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
11881cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
11891cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
11901cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
11911cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
11921cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
11931cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
11941cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11951cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11961cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11971cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
11981cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
11991cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12001cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029cd81:<flags> [calling]
12011cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
12021cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefc650000 LB 0x00050000 C:\WINDOWS\system32\ncrypt.dll [fFlags=0x0]
12031cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
12041cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc650000 'C:\WINDOWS\system32\ncrypt.dll'
12051cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12061cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029cb71:<flags> [calling]
12071cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc620000 'C:\WINDOWS\system32\bcrypt.dll'
12081cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12091cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
12101cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
12111cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
12121cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
12131cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
12141cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
12151cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12161cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
12171cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
12181cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12191cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12201cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12211cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12221cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12231cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12241cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12251cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12261cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12271cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029c501:<flags> [calling]
12281cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
12291cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefcf10000 LB 0x0001e000 C:\WINDOWS\system32\USERENV.dll [fFlags=0x0]
12301cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
12311cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefcd10000 LB 0x0000f000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0]
12321cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
12331cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf10000 'C:\WINDOWS\system32\USERENV.dll'
12341cd0.2358: supR3HardenedIsApiSetDll: '<NULL>' -> true
12351cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000029c261:<flags> [calling]
12361cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff300000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
12371cd0.2358: supR3HardenedIsApiSetDll: '<NULL>' -> true
12381cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000029c5f1:<flags> [calling]
12391cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff300000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
12401cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12411cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
12421cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
12431cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
12441cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12451cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12461cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12471cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12481cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12491cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12501cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029c821:<flags> [calling]
12511cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
12521cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefbf50000 LB 0x0001b000 C:\WINDOWS\system32\GPAPI.dll [fFlags=0x0]
12531cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
12541cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf50000 'C:\WINDOWS\system32\GPAPI.dll'
12551cd0.2358: supR3HardenedIsApiSetDll: '<NULL>' -> true
12561cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000029c771:<flags> [calling]
12571cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff300000 'API-MS-WIN-Service-Management-L1-1-0.dll'
12581cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12591cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0a0000 'C:\WINDOWS\system32\rpcrt4.dll'
12601cd0.2358: supR3HardenedIsApiSetDll: '<NULL>' -> true
12611cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000029c751:<flags> [calling]
12621cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff300000 'API-MS-WIN-Service-Management-L2-1-0.dll'
12631cd0.2358: supR3HardenedIsApiSetDll: '<NULL>' -> true
12641cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000029c761:<flags> [calling]
12651cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff300000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
12661cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12671cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
12681cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
12691cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
12701cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
12711cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
12721cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
12731cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
12741cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12751cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
12761cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
12771cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
12781cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
12791cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12801cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12811cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12821cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
12831cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12841cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12851cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12861cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12871cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12881cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12891cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029c261:<flags> [calling]
12901cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12911cd0.2358: supR3HardenedDllNotificationCallback: load 000007fef2d20000 LB 0x00027000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0]
12921cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12931cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefe3b0000 LB 0x00052000 C:\WINDOWS\system32\WLDAP32.dll [fFlags=0x0]
12941cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
12951cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12961cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000029b3a1:<flags> [calling]
12971cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2d20000 'C:\WINDOWS\system32\cryptnet.dll'
12981cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12991cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000029b3a1:<flags> [calling]
13001cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2d20000 'C:\WINDOWS\system32\cryptnet.dll'
13011cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13021cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000029b3a1:<flags> [calling]
13031cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2d20000 'C:\WINDOWS\system32\cryptnet.dll'
13041cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13051cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000029b3a1:<flags> [calling]
13061cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2d20000 'C:\WINDOWS\system32\cryptnet.dll'
13071cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13081cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000029b3a1:<flags> [calling]
13091cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2d20000 'C:\WINDOWS\system32\cryptnet.dll'
13101cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13111cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000029b3a1:<flags> [calling]
13121cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2d20000 'C:\WINDOWS\system32\cryptnet.dll'
13131cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13141cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2d20000 'C:\WINDOWS\system32\cryptnet.dll'
13151cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13161cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2d20000 'C:\WINDOWS\system32\cryptnet.dll'
13171cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13181cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2d20000 'C:\WINDOWS\system32\cryptnet.dll'
13191cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13201cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2d20000 'C:\WINDOWS\system32\cryptnet.dll'
13211cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13221cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2d20000 'C:\WINDOWS\system32\cryptnet.dll'
13231cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2d20000 'C:\WINDOWS\system32\cryptnet.dll'
13241cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
13251cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2d20000 'C:\WINDOWS\system32\cryptnet.dll'
13261cd0.2358: supR3HardenedIsApiSetDll: '<NULL>' -> true
13271cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000029bb81:<flags> [calling]
13281cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff300000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
13291cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
13301cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029bb81:<flags> [calling]
13311cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd10000 'C:\WINDOWS\system32\profapi.dll'
13321cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
13331cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
13341cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
13351cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
13361cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
13371cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13381cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13391cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13401cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13411cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13421cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
13431cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13441cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13451cd0.2358: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13461cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029b611:<flags> [calling]
13471cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
13481cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefed50000 LB 0x00071000 C:\WINDOWS\system32\SHLWAPI.dll [fFlags=0x0]
13491cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
13501cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed50000 'C:\WINDOWS\system32\SHLWAPI.dll'
13511cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
13521cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000063f000
13531cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
13541cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BD335919DDD6C766FE4E5F28B4FAABF69B09C250
13551cd0.2358: supR3HardenedIsApiSetDll: '<NULL>' -> true
13561cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000029c541:<flags> [calling]
13571cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff300000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
13581cd0.2358: supR3HardenedIsApiSetDll: '<NULL>' -> true
13591cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000029c0a1:<flags> [calling]
13601cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff300000 'API-MS-WIN-Service-Management-L1-1-0.dll'
13611cd0.2358: supR3HardenedIsApiSetDll: '<NULL>' -> true
13621cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000029c0a1:<flags> [calling]
13631cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff300000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
13641cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
13651cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0d0000 'C:\WINDOWS\system32\ADVAPI32.dll'
13661cd0.2358: supR3HardenedIsApiSetDll: '<NULL>' -> true
13671cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000029c4f1:<flags> [calling]
13681cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff300000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
13691cd0.2358: supR3HardenedIsApiSetDll: '<NULL>' -> true
13701cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000029c1e1:<flags> [calling]
13711cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff300000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
13721cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
13731cd0.2358: g_pfnWinVerifyTrust=000007fefcf61010
13741cd0.2358: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
13751cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
13761cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
13771cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
13781cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03C3949C543BC88555B566D6E3CD5F1E43072E83
13791cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
13801cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13811cd0.2358: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
13821cd0.2358: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
13831cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
13841cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
13851cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
13861cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=94B4C88ADC72C33C3A3D87A716B5557571C2B9F2
13871cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
13881cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13891cd0.2358: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
13901cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000424 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
13911cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
13921cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
13931cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
13941cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
13951cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13961cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
13971cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000418 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
13981cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
13991cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
14001cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=086A94704E162AB5C6F0ED4BA6DE6C8B4524BA56
14011cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
14021cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14031cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
14041cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000414 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
14051cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
14061cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
14071cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6AFF13995E2E993955E220EA5853B61404FCBF42
14081cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
14091cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14101cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
14111cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000002d4 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
14121cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
14131cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
14141cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
14151cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
14161cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14171cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
14181cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000244 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
14191cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
14201cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
14211cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
14221cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
14231cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14241cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
14251cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000240 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
14261cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
14271cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
14281cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
14291cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
14301cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14311cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
14321cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000022c pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
14331cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
14341cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
14351cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C450964B981ECD48D33C577F137B7C95735850F6
14361cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
14371cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14381cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
14391cd0.2358: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll'
14401cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000228 pwszName=\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll
14411cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
14421cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
14431cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A343F85261FD64F42AF83AAEF4B4BF6A4513DA8
14441cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem60.cat'; file='\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll'
14451cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (was CERT_E_CHAINING)
14461cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll'
14471cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001e8 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
14481cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
14491cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
14501cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFFDE66260552BF7E35D8121FA5528186F88C59F
14511cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
14521cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14531cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ole32.dll'
14541cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001e4 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
14551cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
14561cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
14571cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
14581cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
14591cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14601cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
14611cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001e0 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
14621cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
14631cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
14641cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E76105B511B0668122629A2554FAFBBE17CD6DF
14651cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
14661cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14671cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
14681cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001dc pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
14691cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
14701cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
14711cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
14721cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
14731cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14741cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
14751cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d8 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
14761cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
14771cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
14781cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=071207BC2B5A923E824F1F50EA30441CCF3E2002
14791cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2921916~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
14801cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14811cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
14821cd0.2358: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll'
14831cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll
14841cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
14851cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
14861cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=597EAEEFB149912DCCF0711D4AFB4B9C97BB659D
14871cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem60.cat'; file='\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll'
14881cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (was CERT_E_CHAINING)
14891cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll'
14901cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'
14911cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\version.dll
14921cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
14931cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
14941cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
14951cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\version.dll'
14961cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14971cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\version.dll'
14981cd0.2358: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume2\Windows\System32\nvinitx.dll'
14991cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\nvinitx.dll
15001cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
15011cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
15021cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FEC0F93E4AB863A67963A1A59DB1B754FF32057B
15031cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem60.cat'; file='\Device\HarddiskVolume2\Windows\System32\nvinitx.dll'
15041cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (was CERT_E_CHAINING)
15051cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nvinitx.dll'
15061cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
15071cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
15081cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
15091cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B18074E6500B26B9675D6739EF0E6FFC56E8E0CA
15101cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
15111cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15121cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
15131cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
15141cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
15151cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
15161cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
15171cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
15181cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15191cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
15201cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
15211cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
15221cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
15231cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8AE1E4C5A6AE2CD7C2699FE89EFC72F3203BC58E
15241cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
15251cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15261cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
15271cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
15281cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
15291cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
15301cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C0A576238280DCD45A672CCDF21539474740308D
15311cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
15321cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15331cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
15341cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
15351cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
15361cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
15371cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D767C07C15EAAFC316567AB2F5CA7B85CCD70E2
15381cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
15391cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15401cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
15411cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
15421cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
15431cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
15441cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03BB259EC2F9D61B0941E0635513FFA135E07009
15451cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
15461cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15471cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
15481cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
15491cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
15501cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
15511cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
15521cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
15531cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15541cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
15551cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
15561cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
15571cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
15581cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6AA5A1BB28FB2338D0E6715853B973AF44FA2C74
15591cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
15601cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15611cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
15621cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
15631cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
15641cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
15651cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
15661cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CECCA98E04985A576883E9A9AD8AF2140526B576
15671cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
15681cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15691cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
15701cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
15711cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
15721cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
15731cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
15741cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
15751cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15761cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
15771cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
15781cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
15791cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
15801cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DE8D81CAA178FE33160A82DBD2ADCCBEBF6BB37C
15811cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
15821cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15831cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
15841cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
15851cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
15861cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
15871cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
15881cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E3DAB6A8FD667434567D0FBDDEFDB248167DE20D
15891cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
15901cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15911cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
15921cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
15931cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
15941cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
15951cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
15961cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
15971cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15981cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
15991cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
16001cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
16011cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
16021cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
16031cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
16041cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16051cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
16061cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
16071cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
16081cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
16091cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F57CEA67754605A225FE825D62A25217570A64E3
16101cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
16111cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16121cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
16131cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
16141cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
16151cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
16161cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
16171cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3919CF04F546DCF0A416E7F7A5389945B6410305
16181cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
16191cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16201cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
16211cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
16221cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
16231cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
16241cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A33172F017DE85A9AACC7FFD36DCE4A70DA92643
16251cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
16261cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16271cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
16281cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
16291cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029bfe1:<flags> [calling]
16301cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcda0000 'C:\WINDOWS\system32\crypt32.dll'
16311cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
16321cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
16331cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
16341cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
16351cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
16361cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
16371cd0.2358: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
16381cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
16391cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
16401cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
16411cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
16421cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
16431cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
16441cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
16451cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
16461cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
16471cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
16481cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
16491cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xe0249b57ec7fbc00 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication EV RootCA1
16501cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xee325335cd8dba00 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2007
16511cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x4a25c87eb933b700 C=RO, O=certSIGN, OU=certSIGN ROOT CA
16521cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x3703c8da1585b000 C=FI, ST=Finland, O=Vaestorekisterikeskus CA, OU=Certification Authority Services, OU=Varmennepalvelut, CN=VRK Gov. Root CA
16531cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x8b062bb556fcc300 C=FR, O=Certeurope, OU=0002 434202180, CN=Certeurope Root CA 2
16541cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x977025a7d23db100 C=UY, O=ADMINISTRACION NACIONAL DE CORREOS, OU=SERVICIOS ELECTRONICOS, CN=Correo Uruguayo - Root CA
16551cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x15941d5f68b5c600 CN=ComSign Secured CA, O=ComSign, C=IL
16561cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
16571cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x774be61ad7bbbe00 C=DE, O=Siemens, SRN=ZZZZZZV1, OU=Copyright (C) Siemens AG 2011 All Rights Reserved, CN=Siemens Trust Center Root-CA V2.0
16581cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x4e6f5b254adf3119 DC=com, DC=accenture, DC=svc, DC=dir, OU=People, CN=Accenture Root CA
16591cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x75a2ccecb8259a00 C=TW, O=Government Root Certification Authority
16601cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x3c0043239a65bd00 C=FR, O=Certplus, CN=Class 3TS Primary CA
16611cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
16621cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
16631cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa5c88c0a3eb7ab00 CN=TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı, C=TR, L=Ankara, O=TÜRKTRUST Bilgi İletişim ve Bilişim Güvenliği Hizmetleri A.Ş. (c) Aralık 2007
16641cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x6693ec7ebc027a58 C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Public Notary Root
16651cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x49dccfc3945cd200 C=GB, O=Trustis Limited, OU=Trustis EVS Root CA
16661cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x6e864c7a8071ba00 C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM
16671cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x2f82cdf3faead00 C=DE, O=ThyssenKrupp AG, OU=TK Trustcenter, CN=TK-CA001
16681cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x8fe279bdb46fee00 C=US, O=Wells Fargo WellsSecure, OU=Wells Fargo Bank NA, CN=WellsSecure Public Root Certificate Authority
16691cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x450a900672029700 Email=pki@gamesacorp.com, C=ES, ST=Alava, L=Vitoria, O=Gamesa Corporacion Tecnologica S.A. CIF A01011253, OU=GamesaCorp, CN=CA ROOT GAMESA
16701cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xe0c6a3a05515a600 C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA
16711cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x31bcc1374c21bf00 C=DE, O=Secardeo, CN=Secardeo Root CA 1
16721cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xc7d32b6954e4f000 CN=ComSign CA, O=ComSign, C=IL
16731cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
16741cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x50bb81640c01cb00 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
16751cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
16761cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xaafa7abb99ab000 O=Cisco Systems, CN=Cisco Root CA 2048
16771cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
16781cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
16791cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x5eb09e2012c300 C=TR, O=Elektronik Bilgi Guvenligi A.S., CN=e-Guven Kok Elektronik Sertifika Hizmet Saglayicisi
16801cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xb798ed29328b700 CN=Autoridad de Certificacion Raiz del Estado Venezolano, C=VE, L=Caracas, ST=Distrito Capital, O=Sistema Nacional de Certificacion Electronica, OU=Superintendencia de Servicios de Certificacion Electronica, Email=acraiz@suscerte.gob.ve
16811cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x27adf94407baa700 C=DE, O=Unify, CN=Unify Root CA
16821cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xe35016950adaa500 C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA
16831cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
16841cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x93de77b717bc192f C=US, O=Equifax Secure Inc., CN=Equifax Secure eBusiness CA-1
16851cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
16861cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x41fe5fa9df12c400 C=US, O=AffirmTrust, CN=AffirmTrust Premium
16871cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x266e9b638ffac00 C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
16881cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xafc0be88bdf2a800 DC=rs, DC=posta, DC=ca, CN=Configuration, CN=Services, CN=Public Key Services, CN=AIA, CN=Posta CA Root
16891cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
16901cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x684f3820aa688200 C=DE, O=PKI-1-Verwaltung, CN=PCA-1-Verwaltung-14
16911cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
16921cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa2b50047279c9600 C=DE, O=D-Trust GmbH, CN=D-TRUST Qualified Root CA 3 2014:PN
16931cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xd94cd06e3094b700 C=FR, O=Certplus, CN=Class 3 Primary CA
16941cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xf08242cb8436b500 C=CZ, CN=I.CA - Qualified Certification Authority, 09/2009, O=První certifikační autorita, a.s., OU=I.CA - Accredited Provider of Certification Services
16951cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
16961cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
16971cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
16981cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x31ae72c74210188 C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
16991cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
17001cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x4c5ef80b194ec100 C=DE, O=Siemens, SRN=ZZZZZZVR, OU=Copyright (C) Siemens 2007 All Rights Reserved, CN=Siemens Root-CA for Special Purposes 2007
17011cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x998a46ec70b59800 CN=bakernet.com, O=BakerMcKenzie, OU=IT, L=Frankfurt, ST=Hessen, C=DE, Email=Germany.Helpdesk@bakermckenzie.com
17021cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
17031cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x23335b995a1fb800 C=DE, O=CMS Hasche Sigle, CN=CMS HS Secure Mail CA
17041cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x48cc53a3896bab00 C=CO, O=Sociedad Cameral de Certificación Digital - Certicámara S.A., CN=AC Raíz Certicámara S.A.
17051cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xd71519e43fd5ba00 C=CA, ST=Ontario, L=Toronto, O=Echoworx Corporation, OU=Certification Services, CN=Echoworx Root CA2
17061cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xade42733bd8d9700 C=us, O=U.S. Government, OU=FBCA, CN=Common Policy
17071cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x41377e8d046eb900 CN=D-R CA
17081cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x1c29714b0c909400 C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA1
17091cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
17101cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xc80944791f6c0204 C=DE, L=Ottobrunn, O=IABG, CN=IABG-Corporate-CA
17111cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xe0b0c3006b04c400 C=LV, OU=Sertifikacijas pakalpojumu dala, CN=E-ME SSI (RCA)
17121cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x59c66911a5cbad00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 4 Public Primary Certification Authority - G3
17131cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x676bd54406d8e300 O=Group, OU=APPLICATIONS, OU=iPKI, CN=2014-2044 BNPP Root
17141cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xd8240de4137fd600 C=IE, O=An Post, OU=Post.Trust Ltd., CN=Post.Trust Root CA
17151cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xba7391110efa9300 DC=dir, DC=aed, CN=alten-CA
17161cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x5295db258780a400 C=CL, ST=Region Metropolitana, L=Santiago, O=E-CERTCHILE, OU=Autoridad Certificadora, Email=sclientes@ccs.cl, CN=E-CERT ROOT CA
17171cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xea33d3c14ab5d900 C=DE, ST=Baden-Wuerttemberg (BW), L=Stuttgart, O=Deutscher Sparkassen Verlag GmbH, CN=S-TRUST Authentication and Encryption Root CA 2005:PN
17181cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
17191cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x790f406f5bfdd400 C=DE, O=Bundesbank, OU=Bundesbank PKI, CN=Bundesbank Root CA 2015 II for Central Bank Issues, Email=pki@bundesbank.de
17201cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x6e864c7a8071ba00 C=ES, O=FNMT-RCM, OU=AC RAIZ FNMT-RCM
17211cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x923c3ab73579a1d0 C=US, O=AffirmTrust, CN=AffirmTrust Premium ECC
17221cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xbab415bd1e249800 C=US, OU=www.xrampsecurity.com, O=XRamp Security Services Inc, CN=XRamp Global Certification Authority
17231cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x79ef60a5daf3d700 C=DE, O=Siemens, DC=net, DC=siemens, OU=Root CA in the Siemens AD forest, OU=copyright (C) Siemens AG 2003 All rights reserved, CN=Siemens AD Root CA (2003)
17241cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
17251cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x31ae72c74210188 C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
17261cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa77e582301cec600 DC=com, DC=deloitte, CN=Deloitte Level 1 CA
17271cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x20a3c30cad008000 C=ES, O=DIRECCION GENERAL DE LA POLICIA, OU=DNIE, CN=AC RAIZ DNIE
17281cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
17291cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xdf8b57153677e400 CN=Atos Origin GmbH CA Level 2 2009, O=Atos Origin GmbH, C=DE
17301cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xf7c33b7ebfec9b00 C=SI, O=POSTA, OU=POSTArCA
17311cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
17321cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xab7df2a48539b200 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Client Authentication and Email
17331cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xb3d6d6c9f168c800 C=FR, O=Dhimyotis, CN=Certigna
17341cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
17351cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xfbf8ea8e6b96ca00 C=ES, CN=Autoridad de Certificacion Firmaprofesional CIF A62634068
17361cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xc3f08e9b8780ab00 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 2 CA, CN=TC TrustCenter Class 2 CA II
17371cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xeb1d2a732928b200 CN=ComSign Global Root CA, O=ComSign Ltd., C=IL
17381cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
17391cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x6a4c39c4152dd100 C=CZ, CN=I.CA - Standard root certificate, O=Prvni certifikacni autorita a.s.
17401cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xbf168afe877852f1 C=US, O=thawte, Inc., OU=(c) 2007 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G2
17411cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x2e3c273c9e4cce00 CN=aon.com, O=Aon Corporation, OU=Directory Services, L=Illinois, ST=Chicago, C=US, Email=DG-ASC-Global-SEMS-CertificateAdmin@aon.com
17421cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xdf103d404d3cef00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA 2
17431cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
17441cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xbeb3e8b6dcbbd000 C=BR, O=Serasa S.A., OU=Serasa CA I, CN=Serasa Certificate Authority I
17451cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x6d1c73d3669a700 C=DE, ST=Bayern, L=Muenchen, O=Siemens, SRN=ZZZZZZA1, OU=Siemens Trust Center, CN=Siemens Root CA V3.0 2016
17461cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x51aead9c4ccdb500 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 4 CA, CN=TC TrustCenter Class 4 CA II
17471cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x177a8452aab3d500 C=BE, O=Certipost s.a./n.v., CN=Certipost E-Trust Primary Normalised CA
17481cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
17491cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x449f1b13efa09400 C=CH, O=SwissSign AG, CN=SwissSign Platinum Root CA - G3
17501cd0.2358: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: SRN=Z003F2EA, O=Siemens, CN=Code signing 2014 GS IT
17511cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xda5f1cc8fc5ca000 C=CZ, O=Česká pošta, s.p. [IČ 47114983], CN=PostSignum Root QCA 2
17521cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x2f371157ab2ac600 C=ES, O=Generalitat Valenciana, OU=PKIGVA, CN=Root CA Generalitat Valenciana
17531cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xd41691e475fb8515 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO ECC Certification Authority
17541cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x1a1ea800c447f200 C=BR, O=Serasa S.A., OU=Serasa CA III, CN=Serasa Certificate Authority III
17551cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xbd4c60700e8fe200 C=de, L=Schwaig, O=COEO Systemhaus GmbH, OU=Gateway, CN=stargate.coeo-it.local
17561cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xf444417a00c9bdd C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 1
17571cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xada18517b3fdc600 C=FR, O=KEYNECTIS, OU=ROOT, CN=KEYNECTIS ROOT CA
17581cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
17591cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x8dfb5cf93543de00 CN=hsbctrinkaus.de, O=HSBC Trinkaus und Burkhardt AG, OU=IT Security, L=Duesseldorf, ST=NRW, C=DE, Email=postmaster@hsbctrinkaus.de
17601cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
17611cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
17621cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
17631cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x87b3c722f299c800 C=LT, O=VI Registru Centras - I.k. 124110246, OU=Registru Centro Sertifikavimo Centras, CN=VI Registru Centras RCSC (RootCA)
17641cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x2fba703484f19900 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
17651cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xac14d02e73cea700 CN=Volksverschluesselung Root CA, O=Fraunhofer SIT, C=DE
17661cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x71b9b0629cdac200 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, CN=TC TrustCenter Universal CA III
17671cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x34f9263b33a8d500 C=US, O=Wells Fargo, OU=Wells Fargo Certification Authority, CN=Wells Fargo Root Certificate Authority
17681cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x4ef92ac43a0cd500 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Services Root Certificate Authority - G2
17691cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x6ae028812741ae00 C=DE, ST=Bavaria, L=Munich, O=BSH Hausgeraete GmbH , CN=BSH Root Certification Authority
17701cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
17711cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xebbf1d700c008a00 C=US, O=Verizon Business, OU=OmniRoot, CN=Verizon Global Root CA
17721cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x94fb3f125608a800 C=CZ, CN=I.CA - Standard Certification Authority, 09/2009, O=První certifikační autorita, a.s., OU=I.CA - Provider of Certification Services
17731cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x992d6156a36dbf19 C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority
17741cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x5a341635fb75d800 C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA
17751cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xd27f177930ef9e00 C=DE, O=PKI-1-Verwaltung, CN=PCA-1-Verwaltung-15
17761cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x236696801e5e9900 C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA3
17771cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x7c71e6059b87be00 C=CH, O=SwissSign AG, CN=SwissSign Silver Root CA - G3
17781cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
17791cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xe56c346b77d48b00 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, CN=TC TrustCenter Universal CA II
17801cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xad77733ff735d300 C=CN, O=CNNIC, CN=CNNIC ROOT
17811cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x5c2dc12deed59c00 C=de, L=Fuerth Uferstadt, O=Gernbotschaft GmbH, OU=Gateway, CN=vpn.gernbotschaft.com
17821cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xdaad63f38ff8e900 C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, Email=info@e-szigno.hu
17831cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
17841cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xcfb22061f662ac00 C=DK, O=TDC, CN=TDC OCES CA
17851cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
17861cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
17871cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x7d2686ca075db300 C=CN, O=UniTrust, CN=UCA Root
17881cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x5784013b5c9c9d00 CN=ComSign Advanced Security CA
17891cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x5c39bb51bbe0b400 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Class 3 CA, CN=TC TrustCenter Class 3 CA II
17901cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
17911cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x80932303749f217 C=SI, O=Halcom, CN=Halcom CA PO 2
17921cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x8b7607cf260bd500 C=si, O=state-institutions, OU=sigov-ca
17931cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x23f085ee57b2b400 C=ES, O=Consejo General de la Abogacia NIF:Q-2863006I, CN=Autoridad de Certificacion de la Abogacia
17941cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x5534b165029017e7 C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
17951cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x3c35a798892e200 C=DE, O=Siemens Enterprise Communications Group, CN=SEN Root CA
17961cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x992d6156a36dbf19 C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority
17971cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x802b3770cb00af00 C=EU, L=Madrid (see current address at www.camerfirma.com/address), SRN=A82743287, O=AC Camerfirma S.A., CN=Chambers of Commerce Root - 2008
17981cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x8478a2f32f64cc00 DC=com, DC=fujitsu-siemens, CN=Fujitsu Siemens Computers Root CA
17991cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa589e1951b18c400 C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Web PKI RSA Root - G1
18001cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xf5e55fa2ac3fab00 C=DE, ST=NRW, L=Bonn, O=BaFin, OU=IT 2, CN=BaFin Secure Mail Root CA
18011cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
18021cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xc66d30927ebce400 C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
18031cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa09adb78d220ae00 C=BE, O=Certipost s.a./n.v., CN=Certipost E-Trust Primary Qualified CA
18041cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
18051cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
18061cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xd52af87e03feaa00 DC=local, DC=anecom, CN=anecom-CA
18071cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xce3493bee81cce00 C=BR, O=ICP-Brasil, OU=Instituto Nacional de Tecnologia da Informacao - ITI, CN=Autoridade Certificadora Raiz Brasileira v1
18081cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa16e1e56de57af00 C=US, O=VISA, OU=Visa International Service Association, CN=Visa eCommerce Root
18091cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x185da5e55536b700 C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Chambers of Commerce Root
18101cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x6b3ad5c5fdadb900 C=DE, O=PKI-1-Verwaltung, CN=PCA-1-Verwaltung-10
18111cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x29adb6aefa69d000 CN=enigma.schleifring.de, Email=it-support@schleifring.de, OU=Schleifring und Apparatebau GmbH, O=trustcenter, L=Fuerstenfeldbruck, ST=Bavaria, C=DE
18121cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xec1f8292427bc400 C=DE, O=D-Trust GmbH, CN=D-TRUST Root CA 3 2013
18131cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xb3a885392ba8ce00 O=AREVA GROUP, CN=AREVA - ROOT CA
18141cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x90af44962377a400 C=DE, O=TC TrustCenter GmbH, OU=TC TrustCenter Universal CA, CN=TC TrustCenter Universal CA I
18151cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xaec72ec8296bc300 C=FR, O=Certplus, CN=Class 1 Primary CA
18161cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x8083236a0da38b5a C=US, O=VeriSign, Inc., OU=Class 2 Public Primary Certification Authority
18171cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x88db8dee0f25e100 C=TW, O=Chunghwa Telecom Co., Ltd., OU=ePKI Root Certification Authority
18181cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xf06a004f18aca200 C=FR, O=NATIXIS, OU=0002 542044524, CN=CESAM
18191cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xbf3fe1c65caabe5e C=US, O=Citigroup CA1
18201cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
18211cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xf274f0a48808ab00 C=CZ, CN=I.CA - Qualified root certificate, O=První certifikační autorita, a.s.
18221cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
18231cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
18241cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xdb2cd5c20d0aaf00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 2 Public Primary Certification Authority - G3
18251cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x33c562d0d11fb200 C=FR, ST=France, L=Paris, O=PM/SGDN, OU=DCSSI, CN=IGC/A, Email=igca@sgdn.pm.gouv.fr
18261cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
18271cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x665014bdbcc8f800 O=Cybertrust, Inc, CN=Cybertrust Global Root
18281cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
18291cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xbbd90ca8b0b9d000 C=ch, O=Swisscom, OU=Digital Certificate Services, CN=Swisscom Root CA 1
18301cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xf6e7cd776036cf00 C=CH, O=UBS, OU=CA, OU=CH 010, CN=SWISS-DD User CA 1
18311cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x5536e4a191fbb300 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Network Applications
18321cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
18331cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x19c084be4feaba00 C=LT, O=Skaitmeninio sertifikavimo centras, OU=Certification Authority, CN=SSC Root CA A
18341cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x92d01fe10011c900 C=US, O=VISA, OU=Visa International Service Association, CN=Visa Information Delivery Root CA
18351cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x3eaa756fe759c500 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
18361cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x363d9b00b34fcb00 C=CH, O=WISeKey, OU=Copyright (c) 2005, OU=OISTE Foundation Endorsed, CN=OISTE WISeKey Global Root GA CA
18371cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x8ac22bff8c18cc00 C=DE, O=European Aeronautic Defence and Space Company, CN=EADS Root CA 2
18381cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
18391cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
18401cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
18411cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xf8dae202a2dfca00 C=CH, O=SwissSign AG, CN=SwissSign Platinum CA - G2
18421cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x7637cbb5cf9ce200 C=SG, O=Netrust Certificate Authority 1, OU=Netrust CA1
18431cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2262f09375bd00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 3
18441cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xbdf03208c94dc00 C=DE, O=Bundesbank, OU=Bundesbank PKI, CN=Bundesbank Root CA 2014 I for Central Bank Issues, Email=pki@bundesbank.de
18451cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x4f639cc1e62eba00 CN=bcg.com, O=The Boston Consulting Group, OU=Global Services, L=Boston, ST=MA, C=US, Email=WWITSecurity@bcg.com
18461cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
18471cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x783bbdee737e9b00 C=CN, O=China Internet Network Information Center, CN=China Internet Network Information Center EV Certificates Root
18481cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
18491cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x11ee35a2930fb300 C=DE, O=Bundesbank, OU=Bundesbank PKI, CN=Bundesbank Root CA 2010 for Central Bank Issues, Email=pki@bundesbank.de
18501cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x9b3ae4d356dfc000 C=EU, L=Madrid (see current address at www.camerfirma.com/address), SRN=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008
18511cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x69785d02da6eb500 C=ES, O=IZENPE S.A. - CIF A-01337260-RMerc.Vitoria-Gasteiz T1055 F62 S8, L=Avda del Mediterraneo Etorbidea 3 - 01010 Vitoria-Gasteiz, CN=Izenpe.com, Email=Info@izenpe.com
18521cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xf8491584e4cdb300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 2 CA 2007
18531cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xd407c1f75ec7d700 C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA
18541cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xea8e67100ecbb300 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3 G3
18551cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
18561cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x2b097cb705a9a600 C=DE, ST=Bavaria, L=Munich, O=BSH Bosch und Siemens Hausgeraete GmbH, CN=BSH Root Certification Authority
18571cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xfe3e3d933619ad3f C=ES, O=FNMT, OU=FNMT Clase 2 CA
18581cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x13d9962ef116e300 CN=SafeGuard MailGateway CA, O=jhcn, C=net
18591cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xe05fe608c95b000 C=IL, O=PersonalID Ltd., OU=Certificate Services, CN=PersonalID Trustworthy RootCA 2011
18601cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa321f027ebbec200 O=TeliaSonera, CN=TeliaSonera Root CA v1
18611cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x691bfdb44d4cb100 C=DE, O=PKI-1-Verwaltung, CN=PCA-1-Verwaltung-11
18621cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xcfd21c88249eb300 C=AT, O=A-Trust Ges. f. Sicherheitssysteme im elektr. Datenverkehr GmbH, OU=A-Trust-Qual-03, CN=A-Trust-Qual-03
18631cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x824f50c06d5393bc C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Basic CA, Email=personal-basic@thawte.com
18641cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x93bdceac72a7ae00 O=SCHURTER, CN=SCHURTER CA
18651cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xdc94c92cf53db900 C=US, O=Digital Signature Trust, OU=DST ACES, CN=DST ACES CA X6
18661cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x5c3ba16f9307dc00 C=DE, O=Deutsche Bank AG, OU=PKI, CN=Deutsche Bank Group Root CA 4
18671cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x5485aec4f9cfe4f0 C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
18681cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x4e5147f555f3c100 C=LT, O=Skaitmeninio sertifikavimo centras, OU=Certification Authority, CN=SSC Root CA B
18691cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x64acc0b265e5b000 C=si, O=state-institutions, OU=sigen-ca
18701cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x91b03080ccefa700 C=ES, ST=Madrid, L=Madrid, O=IPS Certification Authority s.l. ipsCA, OU=ipsCA, CN=ipsCA Global CA Root, Email=global01@ipsca.com
18711cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x5901ca5aa77fd00 C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA11
18721cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xd0353b9e7b50c500 C=GB, O=Trustis Limited, OU=Trustis FPS Root CA
18731cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
18741cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x556cacd82e35af00 C=US, O=SecureTrust Corporation, CN=Secure Global CA
18751cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x99f15213ef3bc100 CN=Autoridad de Certificacion Raiz del Estado Venezolano, C=VE, L=Caracas, ST=Distrito Capital, O=Sistema Nacional de Certificacion Electronica, OU=Superintendencia de Servicios de Certificacion Electronica, Email=acraiz@suscerte.gob.ve
18761cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x281b06521e933939 C=US, O=Equifax Secure, OU=Equifax Secure eBusiness CA-2
18771cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa9c86e43a2efdb00 C=PT, O=SCEE, CN=ECRaizEstado
18781cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xe2dd03b473d8800 DC=com, DC=kaspersky, CN=KasperskyLabsRootCA
18791cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xf0ca9d354a179000 C=FI, O=Sonera, CN=Sonera Class2 CA
18801cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xf23ec9c15254b300 C=US, O=GeoTrust Inc., CN=GeoTrust Universal CA 2
18811cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
18821cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x8cb9cf4407f8d966 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Premium CA, Email=personal-premium@thawte.com
18831cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
18841cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x127888e4dbe7e600 CN=ABLE Root CA 1
18851cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x7052e7f4a064c100 L=Alvaro Obregon, ST=Distrito Federal, C=MX, ZIP=01030, street=Insurgentes Sur 1940, CN=Autoridad Certificadora Raiz de la Secretaria de Economia, OU=Direccion General de Normatividad Mercantil, O=Secretaria de Economia, Email=acrse@economia.gob.mx
18861cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xe8985fec4712d200 C=AT, L=Vienna, ST=Austria, O=ARGE DATEN - Austrian Society for Data Protection, OU=GLOBALTRUST Certification Service, CN=GLOBALTRUST, Email=info@globaltrust.info
18871cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x8dfb5cf93543de00 Email=postmaster@hsbctrinkaus.de, C=DE, ST=NRW, L=Duesseldorf, O=HSBC Trinkaus und Burkhardt AG, OU=IT Security, CN=hsbctrinkaus.de
18881cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xae429fd0a270a200 C=EU, O=AC Camerfirma SA CIF A82743287, OU=http://www.chambersign.org, CN=Global Chambersign Root
18891cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
18901cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x5b9d66b2891fad00 C=BR, O=Serasa S.A., OU=Serasa CA II, CN=Serasa Certificate Authority II
18911cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xac1e0fca7ad3c900 C=ES, O=IZENPE S.A., CN=Izenpe.com
18921cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xafe3d3869f859d00 C=FR, O=Certinomis, OU=0002 433998903, CN=Certinomis - Autorité Racine
18931cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x3b2a6f973b859500 CN=Atos TrustedRoot 2011, O=Atos, C=DE
18941cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
18951cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x6b2e1733cc84b400 C=US, O=AffirmTrust, CN=AffirmTrust Networking
18961cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x16921f393194ce00 C=DE, O=DATEV eG, CN=CA DATEV STD 03
18971cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
18981cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xd483b82d16bebad0 C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
18991cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xdd80d271558fb700 O=RSA Security Inc, OU=RSA Security 2048 V3
19001cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa9cc8cfa2245a100 C=LT, O=Skaitmeninio sertifikavimo centras, OU=Certification Authority, CN=SSC Root CA C
19011cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
19021cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xcd7b81d500c8ed00 C=HU, L=Budapest, O=Microsec Ltd., OU=e-Szigno CA, CN=Microsec e-Szigno Root CA
19031cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x92ac5ed85c2d0e9b C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2007 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G4
19041cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x63d591bc40b8c400 C=DK, O=TDC Internet, OU=TDC Internet Root CA
19051cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x4dff6e86067db400 C=US, O=Accenture, OU=IAM, CN=Accenture Internal Root CA
19061cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x419b60ebff37ab00 C=FR, O=Certplus, CN=Class 3P Primary CA
19071cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xb8ce920e1b50ac00 C=ES, O=Colegio de Registradores de la Propiedad y Mercantiles de España, OU=Certificado Propio, CN=Registradores de España - CA Raíz
19081cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x2676db9b15412b5a C=KR, O=Government of Korea, OU=GPKI, CN=GPKIRootCA
19091cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x715b6494b0d4d769 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting, OU=Certification Services Division, CN=Thawte Personal Freemail CA, Email=personal-freemail@thawte.com
19101cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa7f9b4b9d484dd00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 1 Public Primary Certification Authority - G3
19111cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xe69c54164257cc00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 3
19121cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x7bcb2348e72adc00 C=DE, O=GAD EG, OU=VR IDENT, CN=VR IDENT ROOT CA 2010
19131cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x3a8810ff4b6d8a00 C=TR, L=Gebze - Kocaeli, O=Türkiye Bilimsel ve Teknolojik Araştırma Kurumu - TÜBİTAK, OU=Ulusal Elektronik ve Kriptoloji Araştırma Enstitüsü - UEKAE, OU=Kamu Sertifikasyon Merkezi, CN=TÜBİTAK UEKAE Kök Sertifika Hizmet Sağlayıcısı - Sürüm 3
19141cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x7108a97b266cec00 C=DE, O=European Aeronautic Defence and Space Company, CN=EADS S2 Root CA 1
19151cd0.2358: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: SRN=Z003F2EA, O=Siemens, CN=GS IT BASIC-CLIENT-SERVICE Z003F2EA
19161cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xb549113251689e00 DC=com, DC=ul, CN=UL ROOT CA V2
19171cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa9bab0af360cc000 DC=com, DC=Bosch, CN=PKI, CN=Bosch-CA-DE
19181cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
19191cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xf1f7ba948f4b3d46 Email=markus.mueller@stinnes-data.de, C=DE, ST=NRW, L=Muelheim an der Ruhr, O=Stinnes-data-Service GmbH, OU=Systems, Projects, CN=SdS Citrix-Serverfarm
19201cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x6c246d2775a69e00 O=GROUPE SOCIETE GENERALE, CN=SG UniPass Root CA
19211cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xf63f5006e5b3da00 C=CN, O=UniTrust, CN=UCA Global Root
19221cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x5485aec4f9cfe4f0 C=US, O=VeriSign, Inc., OU=Class 4 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
19231cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x9d5a65c89fe8c300 C=CH, O=SwissSign AG, CN=SwissSign Gold Root CA - G3
19241cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xfcbd21afbd38d700 O=BAKERNET, OU=BAKERNET Certificate Authority, CN=BAKERNET-RCA1
19251cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
19261cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x2f5561fdf9b89b00 C=LV, O=VAS Latvijas Pasts - Vien.reg.Nr.40003052790, OU=Sertifikacijas pakalpojumi, CN=VAS Latvijas Pasts SSI(RCA)
19271cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
19281cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa674f2b1f89b500 C=FI, O=Sonera, CN=Sonera Class1 CA
19291cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x6d4bbe735e24c400 C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Arany (Class Gold) Főtanúsítvány
19301cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xe516eb23bff09500 C=DE, O=Bombardier, OU=Bombardier Transportation, CN=BT-IS-Root-CA-2014
19311cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
19321cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xf1fbd6404bd4a500 C=BE, O=Certipost s.a./n.v., CN=Certipost E-Trust TOP Root CA
19331cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xd483b82d16bebad0 C=US, O=VeriSign, Inc., OU=Class 1 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
19341cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
19351cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x407c0c3d7576bf00 C=SI, O=ACNLB
19361cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x7ea41f5ea4cd9c00 C=BG, O=InfoNotary PLC, DC=root-ca, CN=InfoNotary CSP Root, OU=InfoNotary CSP Root, Email=csp@infonotary.com
19371cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x9de5960126a3bc00 C=SI, O=Halcom, CN=Halcom CA FO
19381cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
19391cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xea5ef130d8e2bb00 CN=mckinsey.com, O=McKinsey & Company, OU=mckinsey.com, Email=administrators@mckinsey.com
19401cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
19411cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x64c011cec1cfaf00 C=DE, O=Bundesagentur fuer Arbeit, CN=Wurzel-CA-1:PN
19421cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xf03913fae404bc00 C=KR, O=KISA, OU=Korea Certification Authority Central, CN=KISA RootCA 1
19431cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xd43dd8b22552c700 C=HU, L=Budapest, O=NetLock Halozatbiztonsagi Kft., OU=Tanusitvanykiadok, CN=NetLock Minositett Kozjegyzoi (Class QA) Tanusitvanykiado, Email=info@netlock.hu
19441cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0xdf603f23927b9600 C=JP, O=Japan Certification Services, Inc., CN=SecureSign RootCA2
19451cd0.2358: supR3HardenedWinIsDesiredRootCA: Adding 0x207b3ca183cfb300 CN=Siemens OneAD Root CA
19461cd0.2358: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=312
19471cd0.2358: SUPR3HardenedMain: Load Runtime...
19481cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
19491cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
19501cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
19511cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
19521cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
19531cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
19541cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19551cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19561cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
19571cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
19581cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
19591cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
19601cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
19611cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
19621cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
19631cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19641cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19651cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
19661cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
19671cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
19681cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
19691cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19701cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19711cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
19721cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
19731cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
19741cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19751cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19761cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
19771cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
19781cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19791cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19801cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
19811cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
19821cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
19831cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
19841cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
19851cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
19861cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C61E0233B4D23762E0FE158DE0FDC6C24988F13
19871cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
19881cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19891cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
19901cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
19911cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19921cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19931cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19941cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19951cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029c311:<flags> [calling]
19961cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
19971cd0.2358: supR3HardenedDllNotificationCallback: load 000007fed3cc0000 LB 0x00590000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
19981cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
19991cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
20001cd0.2358: supR3HardenedDllNotificationCallback: load 00000000627f0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
20011cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
20021cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
20031cd0.2358: supR3HardenedDllNotificationCallback: load 000000005fc10000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
20041cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
20051cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefe2f0000 LB 0x0004d000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0]
20061cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
20071cd0.2358: supR3HardenedDllNotificationCallback: load 000007feff320000 LB 0x00008000 C:\WINDOWS\system32\NSI.dll [fFlags=0x0]
20081cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
20091cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
20101cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000299961:<flags> [calling]
20111cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20121cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
20131cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000299961:<flags> [calling]
20141cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20151cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
20161cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000299961:<flags> [calling]
20171cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20181cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
20191cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000299961:<flags> [calling]
20201cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20211cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
20221cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000299961:<flags> [calling]
20231cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20241cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
20251cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000299961:<flags> [calling]
20261cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20271cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20281cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20291cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20301cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20311cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20321cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20331cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20341cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
20351cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000299961:<flags> [calling]
20361cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20371cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20381cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20391cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20401cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20411cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20421cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20431cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20441cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20451cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20461cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20471cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20481cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20491cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20501cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20511cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20521cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
20531cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000299961:<flags> [calling]
20541cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20551cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20561cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20571cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
20581cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
20591cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029de71:<flags> [calling]
20601cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf60000 'C:\WINDOWS\system32\Wintrust.dll'
20611cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
20621cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029c9c1:<flags> [calling]
20631cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcda0000 'C:\WINDOWS\system32\crypt32.dll'
20641cd0.2358: SUPR3HardenedMain: Load TrustedMain...
20651cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
20661cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
20671cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
20681cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
20691cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
20701cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
20711cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
20721cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
20731cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
20741cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
20751cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
20761cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
20771cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
20781cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
20791cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
20801cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
20811cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
20821cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
20831cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
20841cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
20851cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
20861cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
20871cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
20881cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
20891cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20901cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
20911cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
20921cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
20931cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
20941cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20951cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20961cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20971cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20981cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20991cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
21001cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
21011cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
21021cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ec pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
21031cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
21041cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
21051cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=96DDB24DBBF98EDECA2FBB4CEDEB23977AD0203F
21061cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
21071cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21081cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21091cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
21101cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
21111cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
21121cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
21131cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
21141cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21151cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21161cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21171cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21181cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
21191cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
21201cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
21211cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
21221cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
21231cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
21241cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
21251cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
21261cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
21271cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
21281cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
21291cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
21301cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
21311cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
21321cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
21331cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
21341cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
21351cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
21361cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
21371cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
21381cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
21391cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
21401cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
21411cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
21421cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
21431cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
21441cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
21451cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
21461cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
21471cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
21481cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
21491cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
21501cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
21511cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
21521cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
21531cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
21541cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
21551cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
21561cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
21571cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
21581cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
21591cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
21601cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
21611cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
21621cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
21631cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
21641cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
21651cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
21661cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
21671cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
21681cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
21691cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
21701cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
21711cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
21721cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21731cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21741cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
21751cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21761cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21771cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
21781cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21791cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21801cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
21811cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
21821cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000514 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
21831cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
21841cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
21851cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
21861cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
21871cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21881cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21891cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
21901cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
21911cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
21921cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
21931cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
21941cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
21951cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
21961cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21971cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21981cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
21991cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
22001cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000520 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
22011cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
22021cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
22031cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
22041cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
22051cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22061cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22071cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
22081cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
22091cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
22101cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
22111cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
22121cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
22131cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
22141cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
22151cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
22161cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
22171cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
22181cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
22191cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
22201cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
22211cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22221cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22231cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
22241cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
22251cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
22261cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
22271cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22281cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22291cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22301cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22311cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22321cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22331cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22341cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22351cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
22361cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22371cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22381cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
22391cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
22401cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
22411cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000052c pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
22421cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
22431cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
22441cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
22451cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
22461cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22471cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
22481cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
22491cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22501cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22511cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
22521cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22531cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22541cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22551cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22561cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22571cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
22581cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
22591cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
22601cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22611cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22621cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
22631cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22641cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22651cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
22661cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22671cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22681cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
22691cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
22701cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
22711cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
22721cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22731cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22741cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22751cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22761cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
22771cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
22781cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
22791cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22801cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22811cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22821cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22831cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22841cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
22851cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22861cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22871cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
22881cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
22891cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
22901cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
22911cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
22921cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
22931cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
22941cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
22951cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
22961cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
22971cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22981cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22991cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23001cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23011cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23021cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23031cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
23041cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
23051cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
23061cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000518 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
23071cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
23081cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
23091cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
23101cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
23111cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23121cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23131cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
23141cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23151cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
23161cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
23171cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
23181cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
23191cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
23201cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
23211cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
23221cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000524 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
23231cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
23241cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
23251cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
23261cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
23271cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23281cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23291cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
23301cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
23311cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
23321cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
23331cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
23341cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
23351cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
23361cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
23371cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
23381cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
23391cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
23401cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
23411cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
23421cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23431cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23441cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23451cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23461cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23471cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23481cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
23491cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
23501cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
23511cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
23521cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
23531cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
23541cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
23551cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
23561cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
23571cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23581cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23591cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
23601cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23611cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23621cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
23631cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
23641cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
23651cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23661cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23671cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23681cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23691cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23701cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23711cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23721cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23731cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23741cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23751cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23761cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23771cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
23781cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
23791cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
23801cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
23811cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
23821cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000544 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
23831cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
23841cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
23851cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
23861cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
23871cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23881cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
23891cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
23901cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23911cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
23921cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
23931cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23941cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23951cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23961cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23971cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
23981cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
23991cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
24001cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24011cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24021cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24031cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24041cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
24051cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
24061cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
24071cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24081cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24091cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
24101cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
24111cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000530 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
24121cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
24131cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
24141cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
24151cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
24161cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24171cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24181cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
24191cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
24201cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
24211cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
24221cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
24231cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
24241cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
24251cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24261cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24271cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
24281cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
24291cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000548 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
24301cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
24311cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
24321cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A9844A0BB316CF0FBD2598A1D4D38504B202E5F6
24331cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
24341cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24351cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24361cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
24371cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
24381cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
24391cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
24401cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24411cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24421cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24431cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24441cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24451cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24461cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24471cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24481cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24491cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24501cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24511cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24521cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24531cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24541cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24551cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24561cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24571cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24581cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24591cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24601cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24611cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24621cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029c321:<flags> [calling]
24631cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
24641cd0.2358: supR3HardenedDllNotificationCallback: load 000007fed0990000 LB 0x00a06000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
24651cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
24661cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
24671cd0.2358: supR3HardenedDllNotificationCallback: load 000007feeadf0000 LB 0x0011d000 C:\WINDOWS\system32\OPENGL32.dll [fFlags=0x0]
24681cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
24691cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
24701cd0.2358: supR3HardenedDllNotificationCallback: load 000007feeb200000 LB 0x0002d000 C:\WINDOWS\system32\GLU32.dll [fFlags=0x0]
24711cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
24721cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
24731cd0.2358: supR3HardenedDllNotificationCallback: load 000007feeacf0000 LB 0x000f1000 C:\WINDOWS\system32\DDRAW.dll [fFlags=0x0]
24741cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
24751cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
24761cd0.2358: supR3HardenedDllNotificationCallback: load 000007feeb1f0000 LB 0x00008000 C:\WINDOWS\system32\DCIMAN32.dll [fFlags=0x0]
24771cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
24781cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
24791cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefa960000 LB 0x00018000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
24801cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
24811cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
24821cd0.2358: supR3HardenedDllNotificationCallback: load 000000005f6a0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
24831cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
24841cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefd360000 LB 0x00d8b000 C:\WINDOWS\system32\SHELL32.dll [fFlags=0x0]
24851cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
24861cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
24871cd0.2358: supR3HardenedDllNotificationCallback: load 000007feeddb0000 LB 0x00018000 C:\WINDOWS\system32\MPR.dll [fFlags=0x0]
24881cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
24891cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
24901cd0.2358: supR3HardenedDllNotificationCallback: load 000007fed0390000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
24911cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
24921cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
24931cd0.2358: supR3HardenedDllNotificationCallback: load 000000005f130000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
24941cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
24951cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
24961cd0.2358: supR3HardenedDllNotificationCallback: load 000007feeeca0000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
24971cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
24981cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
24991cd0.2358: supR3HardenedDllNotificationCallback: load 000007fef7820000 LB 0x00071000 C:\WINDOWS\system32\WINSPOOL.DRV [fFlags=0x0]
25001cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
25011cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefd1b0000 LB 0x00097000 C:\WINDOWS\system32\COMDLG32.dll [fFlags=0x0]
25021cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
25031cd0.2358: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll: Owner is administrators group.
25041cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
25051cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
25061cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
25071cd0.2358: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
25081cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
25091cd0.2358: supR3HardenedDllNotificationCallback: load 000007fef78a0000 LB 0x000a0000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
25101cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
25111cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
25121cd0.2358: supR3HardenedDllNotificationCallback: load 00000000639d0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
25131cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
25141cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
25151cd0.2358: supR3HardenedDllNotificationCallback: load 000007fef7e20000 LB 0x0003b000 C:\WINDOWS\system32\WINMM.dll [fFlags=0x0]
25161cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
25171cd0.2358: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
25181cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
25191cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
25201cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25211cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25221cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25231cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25241cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25251cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25261cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029b801:<flags> [calling]
25271cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe410000 'C:\WINDOWS\system32\imm32.dll'
25281cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0d0000 'C:\WINDOWS\system32\ADVAPI32.DLL'
25291cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
25301cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
25311cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb60000 'C:\WINDOWS\system32\cryptbase.dll'
25321cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0990000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
25331cd0.2358: SUPR3HardenedMain: Calling TrustedMain (000007fed09914f0)...
25341cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
25351cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029dbd1:<flags> [calling]
25361cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'C:\WINDOWS\system32\ole32.dll'
25371cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
25381cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029ddd1:<flags> [calling]
25391cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0d0000 'C:\WINDOWS\system32\ADVAPI32.dll'
25401cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
25411cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029c2b1:<flags> [calling]
25421cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd10000 'C:\WINDOWS\system32\profapi.dll'
25431cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
25441cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
25451cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
25461cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
25471cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
25481cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
25491cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
25501cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
25511cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
25521cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
25531cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
25541cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
25551cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
25561cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25571cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25581cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
25591cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
25601cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
25611cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
25621cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
25631cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
25641cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25651cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25661cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
25671cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
25681cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
25691cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25701cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25711cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
25721cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
25731cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
25741cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
25751cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
25761cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
25771cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
25781cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25791cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25801cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25811cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25821cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
25831cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25841cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25851cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029e5a1:<flags> [calling]
25861cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
25871cd0.2358: supR3HardenedDllNotificationCallback: load 000007fed7b10000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
25881cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
25891cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed7b10000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
25901cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
25911cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029e4d1:<flags> [calling]
25921cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb60000 'C:\WINDOWS\system32\CRYPTBASE.dll'
25931cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005b8 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
25941cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
25951cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
25961cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
25971cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
25981cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25991cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26001cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
26011cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
26021cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
26031cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
26041cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26051cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26061cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26071cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26081cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26091cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26101cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
26111cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029ded1:<flags> [calling]
26121cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
26131cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefade0000 LB 0x00056000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
26141cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
26151cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefade0000 'C:\WINDOWS\system32\uxtheme.dll'
26161cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
26171cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d911:<flags> [calling]
26181cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefade0000 'C:\WINDOWS\system32\uxtheme.dll'
26191cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
26201cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d681:<flags> [calling]
26211cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefade0000 'C:\WINDOWS\system32\uxtheme.dll'
26221cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
26231cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029d681:<flags> [calling]
26241cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefade0000 'C:\WINDOWS\system32\uxtheme.dll'
26251cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
26261cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\user32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029e7c1:<flags> [calling]
26271cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f40000 'C:\WINDOWS\system32\user32.dll'
26281cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
26291cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029e7e1:<flags> [calling]
26301cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd360000 'C:\WINDOWS\system32\shell32.dll'
26311cd0.2358: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
26321cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\WINDOWS\system32\wintab32.dll'
26331cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
26341cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029ddb1:<flags> [calling]
26351cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa960000 'C:\WINDOWS\system32\dwmapi.dll'
26361cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
26371cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029ec01:<flags> [calling]
26381cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
26391cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
26401cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029ec01:<flags> [calling]
26411cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
26421cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
26431cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029eee1:<flags> [calling]
26441cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd360000 'C:\WINDOWS\system32\shell32.dll'
26451cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
26461cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029eeb1:<flags> [calling]
26471cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefade0000 'C:\WINDOWS\system32\uxtheme.dll'
26481cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0d0000 'C:\WINDOWS\system32\advapi32.dll'
26491cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
26501cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029ee11:<flags> [calling]
26511cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf10000 'C:\WINDOWS\system32\userenv.dll'
26521cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
26531cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029eef1:<flags> [calling]
26541cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e20000 'C:\WINDOWS\system32\kernel32.dll'
26551cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005d0 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
26561cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
26571cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
26581cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
26591cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
26601cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26611cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26621cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
26631cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
26641cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
26651cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
26661cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
26671cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
26681cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
26691cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26701cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26711cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26721cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26731cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
26741cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26751cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26761cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26771cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26781cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26791cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26801cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
26811cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26821cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26831cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029cc31:<flags> [calling]
26841cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
26851cd0.2358: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00099000 C:\WINDOWS\system32\CLBCatQ.DLL [fFlags=0x0]
26861cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
26871cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1d0000 'C:\WINDOWS\system32\CLBCatQ.DLL'
26881cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0d0000 'C:\WINDOWS\system32\ADVAPI32.dll'
26891cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
26901cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029ba81:<flags> [calling]
26911cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc4d0000 'C:\WINDOWS\system32\CRYPTSP.dll'
26921cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000600 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
26931cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
26941cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
26951cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
26961cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
26971cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26981cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
26991cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
27001cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
27011cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27021cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27031cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029b641:<flags> [calling]
27041cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
27051cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefcc10000 LB 0x00014000 C:\WINDOWS\system32\RpcRtRemote.dll [fFlags=0x0]
27061cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
27071cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc10000 'C:\WINDOWS\system32\RpcRtRemote.dll'
27081cd0.7e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27091cd0.7e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
27101cd0.7e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27111cd0.7e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
27121cd0.7e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
27131cd0.7e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
27141cd0.7e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
27151cd0.7e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
27161cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27171cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27181cd0.7e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
27191cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27201cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27211cd0.7e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
27221cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27231cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27241cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27251cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27261cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
27271cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
27281cd0.7e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
27291cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27301cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27311cd0.7e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000064ae461:<flags> [calling]
27321cd0.7e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
27331cd0.7e4: supR3HardenedDllNotificationCallback: load 000007fecfe40000 LB 0x00545000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
27341cd0.7e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
27351cd0.7e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecfe40000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
27361cd0.7e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27371cd0.7e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27381cd0.7e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
27391cd0.7e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
27401cd0.7e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
27411cd0.7e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
27421cd0.7e4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
27431cd0.7e4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
27441cd0.7e4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
27451cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27461cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27471cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27481cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27491cd0.7e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
27501cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27511cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27521cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
27531cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
27541cd0.7e4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
27551cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27561cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27571cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27581cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27591cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27601cd0.7e4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27611cd0.7e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000064acec1:<flags> [calling]
27621cd0.7e4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
27631cd0.7e4: supR3HardenedDllNotificationCallback: load 000007feddf50000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
27641cd0.7e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
27651cd0.7e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feddf50000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
27661cd0.7e4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
27671cd0.7e4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000064acd51:<flags> [calling]
27681cd0.7e4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea90000 'C:\Windows\system32\oleaut32.dll'
27691cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0d0000 'C:\WINDOWS\system32\ADVAPI32.dll'
27701cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe340000 'C:\WINDOWS\system32\gdi32.dll'
27711cd0.1990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27721cd0.1990: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27731cd0.1990: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
27741cd0.1990: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
27751cd0.1990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27761cd0.1990: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27771cd0.1990: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27781cd0.1990: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27791cd0.1990: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005f5a071:<flags> [calling]
27801cd0.1990: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
27811cd0.1990: supR3HardenedDllNotificationCallback: load 000007feefff0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
27821cd0.1990: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
27831cd0.1990: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feefff0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
27841cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
27851cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029a9e1:<flags> [calling]
27861cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd360000 'C:\WINDOWS\system32\shell32.dll'
27871cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxoglhostcrutil.dll'.
27881cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27891cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
27901cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
27911cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5openglvbox.dll'.
27921cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5widgetsvbox.dll'.
27931cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'opengl32.dll'.
27941cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe)
27951cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe
27961cd0.2358: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000990 (hFile=0000000000000988) with 0xc0000022 -> STATUS_TRUST_FAILURE
27971cd0.2358: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe'
27981cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000099c pwszName=\Device\HarddiskVolume2\Windows\System32\apphelp.dll
27991cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
28001cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
28011cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=279DFE2A04C40CE4B22260C26A5BB57DF440B52E
28021cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3107998~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\apphelp.dll'
28031cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28041cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) WinVerifyTrust
28051cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
28061cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
28071cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
28081cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
28091cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
28101cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
28111cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
28121cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
28131cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
28141cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
28151cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
28161cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
28171cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
28181cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28191cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28201cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28211cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28221cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
28231cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
28241cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28251cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28261cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
28271cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
28281cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll) WinVerifyTrust
28291cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
28301cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28311cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28321cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
28331cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
28341cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
28351cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
28361cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28371cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28381cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28391cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28401cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
28411cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
28421cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefcb00000 LB 0x00057000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
28431cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
28441cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb00000 'C:\WINDOWS\system32\apphelp.dll'
28451cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0d0000 'C:\WINDOWS\system32\ADVAPI32.dll'
28461cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'C:\WINDOWS\system32\ole32.dll'
28471cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd360000 'C:\WINDOWS\system32\shell32.dll'
28481cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd360000 'C:\WINDOWS\system32\shell32.dll'
28491cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd360000 'C:\WINDOWS\system32\shell32.dll'
28501cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'C:\WINDOWS\system32\ole32.dll'
28511cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
28521cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002982c1:<flags> [calling]
28531cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea90000 'C:\WINDOWS\system32\OLEAUT32.dll'
28541cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009cc pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
28551cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
28561cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
28571cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=218C1AAD1281A2A1921BC1B767D1025BE6746017
28581cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_350_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
28591cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28601cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28611cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
28621cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
28631cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
28641cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
28651cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wbemcomn2.dll'.
28661cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
28671cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
28681cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn2.dll'...
28691cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn2.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll' [rcNtRedir=0xc0150008]
28701cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009d8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll
28711cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
28721cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
28731cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D9F1FA513EC59375B5DC2C095E9815AD8F398366
28741cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WIN8IP-Microsoft-Windows-WMI-onecoreadmin-Package~31bf3856ad364e35~amd64~~7.3.7601.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll'
28751cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28761cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28771cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
28781cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
28791cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
28801cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'bcrypt.dll'.
28811cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
28821cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll) WinVerifyTrust
28831cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll
28841cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28851cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28861cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28871cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28881cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
28891cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28901cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28911cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28921cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28931cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28941cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28951cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28961cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28971cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
28981cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
28991cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
29001cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
29011cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29021cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29031cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29041cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29051cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29061cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29071cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29081cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29091cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000296b11:<flags> [calling]
29101cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
29111cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefaaa0000 LB 0x0000e000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
29121cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
29131cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll
29141cd0.2358: supR3HardenedDllNotificationCallback: load 000007fefaa20000 LB 0x00077000 C:\WINDOWS\system32\wbemcomn2.DLL [fFlags=0x0]
29151cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll
29161cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaaa0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
29171cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a4c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
29181cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
29191cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
29201cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B1597D4E6B91795ED83BB9AA1F2FCD83195D7BD5
29211cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_350_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
29221cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29231cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29241cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
29251cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
29261cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
29271cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
29281cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
29291cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29301cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29311cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29321cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29331cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29341cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29351cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
29361cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29371cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29381cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002967d1:<flags> [calling]
29391cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
29401cd0.2358: supR3HardenedDllNotificationCallback: load 000007fef5a90000 LB 0x00013000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
29411cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
29421cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5a90000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
29431cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a5c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
29441cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
29451cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
29461cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=59E3C520DE1B4D9524FACA78CDAD7C5C4EE30294
29471cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WIN8IP-Microsoft-Windows-WMI-onecoreadmin-Package~31bf3856ad364e35~amd64~~7.3.7601.16384.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
29481cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29491cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29501cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
29511cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
29521cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
29531cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'wbemcomn2.dll'.
29541cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ntdsapi.dll'.
29551cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
29561cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
29571cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
29581cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
29591cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a38 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
29601cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
29611cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
29621cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
29631cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
29641cd0.2358: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29651cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29661cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
29671cd0.2358: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
29681cd0.2358: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
29691cd0.2358: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
29701cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn2.dll'...
29711cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn2.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll' [rcNtRedir=0xc0150008]
29721cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll
29731cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29741cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29751cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29761cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29771cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29781cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29791cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29801cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29811cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29821cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29831cd0.2358: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
29841cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29851cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29861cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29871cd0.2358: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29881cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002967d1:<flags> [calling]
29891cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
29901cd0.2358: supR3HardenedDllNotificationCallback: load 000007fef5f70000 LB 0x000d3000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
29911cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
29921cd0.2358: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
29931cd0.2358: supR3HardenedDllNotificationCallback: load 000007fef5f20000 LB 0x00027000 C:\WINDOWS\system32\NTDSAPI.dll [fFlags=0x0]
29941cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
29951cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5f70000 'C:\WINDOWS\system32\wbem\fastprox.dll'
29961cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
29971cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000296111:<flags> [calling]
29981cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\WINMM.dll'
29991cd0.14f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30001cd0.14f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30011cd0.14f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
30021cd0.14f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
30031cd0.14f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
30041cd0.14f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll) WinVerifyTrust
30051cd0.14f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll
30061cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
30071cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
30081cd0.14f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
30091cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30101cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30111cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30121cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30131cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30141cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30151cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30161cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30171cd0.14f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
30181cd0.14f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000009c6e681:<flags> [calling]
30191cd0.14f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll
30201cd0.14f0: supR3HardenedDllNotificationCallback: load 000007fed78b0000 LB 0x0018c000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.DLL [fFlags=0x0]
30211cd0.14f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.dll
30221cd0.14f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed78b0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxVRDP.DLL'
30231cd0.23a0: \Device\HarddiskVolume2\Windows\System32\PrxerDrv.dll: Owner is administrators group.
30241cd0.23a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
30251cd0.23a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
30261cd0.23a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
30271cd0.23a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\PrxerDrv.dll) WinVerifyTrust
30281cd0.23a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\PrxerDrv.dll
30291cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
30301cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
30311cd0.23a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
30321cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30331cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30341cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30351cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30361cd0.23a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\PrxerDrv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000c63ef91:<flags> [calling]
30371cd0.23a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PrxerDrv.dll
30381cd0.23a0: supR3HardenedDllNotificationCallback: load 000007fefbe30000 LB 0x00020000 C:\WINDOWS\system32\PrxerDrv.dll [fFlags=0x0]
30391cd0.23a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PrxerDrv.dll
30401cd0.23a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe30000 'C:\WINDOWS\system32\PrxerDrv.dll'
30411cd0.23a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
30421cd0.23a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL)
30431cd0.23a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
30441cd0.23a0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000b70 (hFile=0000000000000b34) with 0xc0000022 -> STATUS_TRUST_FAILURE
30451cd0.23a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL [avoiding WinVerifyTrust]
30461cd0.23a0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000b34 (hFile=0000000000000b70) with 0xc0000022 -> STATUS_TRUST_FAILURE
30471cd0.23a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL [avoiding WinVerifyTrust]
30481cd0.23a0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000b70 (hFile=0000000000000b34) with 0xc0000022 -> STATUS_TRUST_FAILURE
30491cd0.23a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
30501cd0.23a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wship6.dll)
30511cd0.23a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wship6.dll
30521cd0.23a0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000b28 (hFile=0000000000000b70) with 0xc0000022 -> STATUS_TRUST_FAILURE
30531cd0.23a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wship6.dll [avoiding WinVerifyTrust]
30541cd0.23a0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000b70 (hFile=0000000000000b28) with 0xc0000022 -> STATUS_TRUST_FAILURE
30551cd0.23a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wship6.dll [avoiding WinVerifyTrust]
30561cd0.23a0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000b28 (hFile=0000000000000b70) with 0xc0000022 -> STATUS_TRUST_FAILURE
30571cd0.23a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30581cd0.23a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
30591cd0.23a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wshqos.dll)
30601cd0.23a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wshqos.dll
30611cd0.23a0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000b74 (hFile=0000000000000b28) with 0xc0000022 -> STATUS_TRUST_FAILURE
30621cd0.23a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wshqos.dll [avoiding WinVerifyTrust]
30631cd0.23a0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000b28 (hFile=0000000000000b74) with 0xc0000022 -> STATUS_TRUST_FAILURE
30641cd0.23a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wshqos.dll [avoiding WinVerifyTrust]
30651cd0.23a0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000b74 (hFile=0000000000000b28) with 0xc0000022 -> STATUS_TRUST_FAILURE
30661cd0.23a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wshqos.dll [avoiding WinVerifyTrust]
30671cd0.23a0: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000b28 (hFile=0000000000000b74) with 0xc0000022 -> STATUS_TRUST_FAILURE
30681cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b70 pwszName=\Device\HarddiskVolume2\Windows\System32\wshqos.dll
30691cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
30701cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
30711cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C23B4C6FDCEAF7E1814552C6D63A607C2B53AC92
30721cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\wshqos.dll'
30731cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30741cd0.23a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wshqos.dll'
30751cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b34 pwszName=\Device\HarddiskVolume2\Windows\System32\wship6.dll
30761cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
30771cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
30781cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=68F2FDFC5151940B71C922BC59B7767F02726F85
30791cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\wship6.dll'
30801cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30811cd0.23a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wship6.dll'
30821cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b6c pwszName=\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
30831cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
30841cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
30851cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EFFE58BB9FD8A94FD1609B7F82A43C8E09D98AA
30861cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL'
30871cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30881cd0.23a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL'
30891cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b74 pwszName=\Device\HarddiskVolume2\Windows\System32\mswsock.dll
30901cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
30911cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
30921cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0B91C962716871F5DE8282805DA288326E03A9F
30931cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\mswsock.dll'
30941cd0.23a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30951cd0.23a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30961cd0.23a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
30971cd0.23a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
30981cd0.23a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
30991cd0.23a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll) WinVerifyTrust
31001cd0.23a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
31011cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
31021cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
31031cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31041cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31051cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31061cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31071cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31081cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31091cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
31101cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
31111cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31121cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31131cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
31141cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
31151cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
31161cd0.23a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
31171cd0.23a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000c63e8f1:<flags> [calling]
31181cd0.23a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
31191cd0.23a0: supR3HardenedDllNotificationCallback: load 000007fefc420000 LB 0x00055000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
31201cd0.23a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
31211cd0.23a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc420000 'C:\WINDOWS\system32\mswsock.dll'
31221cd0.23a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
31231cd0.23a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wshtcpip.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000c63eb51:<flags> [calling]
31241cd0.23a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
31251cd0.23a0: supR3HardenedDllNotificationCallback: load 000007fefbe10000 LB 0x00007000 C:\WINDOWS\System32\wshtcpip.dll [fFlags=0x0]
31261cd0.23a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
31271cd0.23a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe10000 'C:\WINDOWS\System32\wshtcpip.dll'
31281cd0.23a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
31291cd0.23a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000c63e8a1:<flags> [calling]
31301cd0.23a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc420000 'C:\WINDOWS\system32\mswsock.dll'
31311cd0.14f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31321cd0.14f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
31331cd0.14f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31341cd0.14f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
31351cd0.14f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
31361cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31371cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31381cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
31391cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
31401cd0.14f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
31411cd0.14f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
31421cd0.14f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
31431cd0.14f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
31441cd0.14f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
31451cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31461cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31471cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31481cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31491cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
31501cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
31511cd0.14f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
31521cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31531cd0.14f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31541cd0.14f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000009c6e241:<flags> [calling]
31551cd0.14f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
31561cd0.14f0: supR3HardenedDllNotificationCallback: load 000007fecfb70000 LB 0x002c9000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
31571cd0.14f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
31581cd0.14f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
31591cd0.14f0: supR3HardenedDllNotificationCallback: load 000000005f020000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
31601cd0.14f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
31611cd0.14f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecfb70000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
31621cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c40 pwszName=\Device\HarddiskVolume2\Windows\System32\netcfgx.dll
31631cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
31641cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
31651cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E2834BA132AEF0C1091DED23D983BBB0CDB980
31661cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\netcfgx.dll'
31671cd0.810: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31681cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
31691cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
31701cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
31711cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
31721cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
31731cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
31741cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'.
31751cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'iphlpapi.dll'.
31761cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netcfgx.dll) WinVerifyTrust
31771cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
31781cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
31791cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
31801cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c5c pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
31811cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
31821cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
31831cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
31841cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
31851cd0.810: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31861cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31871cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
31881cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
31891cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
31901cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
31911cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
31921cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
31931cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
31941cd0.810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
31951cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31961cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31971cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31981cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31991cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
32001cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
32011cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
32021cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
32031cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
32041cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
32051cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
32061cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
32071cd0.810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
32081cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32091cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32101cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
32111cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
32121cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c2c pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
32131cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
32141cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
32151cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=28DC1A34E4A6B1464B25E6B8BF4EBE1D6A50922D
32161cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_512_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
32171cd0.810: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32181cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32191cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
32201cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
32211cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
32221cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
32231cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
32241cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
32251cd0.810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
32261cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32271cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32281cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
32291cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
32301cd0.810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
32311cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32321cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32331cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32341cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32351cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8b2e1:<flags> [calling]
32361cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
32371cd0.810: supR3HardenedDllNotificationCallback: load 000007fef6560000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [fFlags=0x0]
32381cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
32391cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
32401cd0.810: supR3HardenedDllNotificationCallback: load 000007fef73f0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
32411cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
32421cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
32431cd0.810: supR3HardenedDllNotificationCallback: load 000007fef73e0000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
32441cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
32451cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6560000 'C:\Windows\system32\netcfgx.dll'
32461cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
32471cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8cae1:<flags> [calling]
32481cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb70000 'C:\WINDOWS\system32\SETUPAPI.dll'
32491cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32501cd0.810: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
32511cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
32521cd0.810: supR3HardenedDllNotificationCallback: load 000007fefbf70000 LB 0x00012000 C:\WINDOWS\system32\devrtl.DLL [fFlags=0x0]
32531cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
32541cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c98 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
32551cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
32561cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
32571cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
32581cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
32591cd0.810: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32601cd0.810: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
32611cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
32621cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32631cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32641cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8c881:<flags> [calling]
32651cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf60000 'C:\WINDOWS\system32\WINTRUST.dll'
32661cd0.1ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32671cd0.1ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
32681cd0.1ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32691cd0.1ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
32701cd0.1ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
32711cd0.1ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
32721cd0.1ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32731cd0.1ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32741cd0.1ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32751cd0.1ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32761cd0.1ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
32771cd0.1ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
32781cd0.1ce0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32791cd0.1ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32801cd0.1ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32811cd0.1ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d49d7d1:<flags> [calling]
32821cd0.1ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
32831cd0.1ce0: supR3HardenedDllNotificationCallback: load 000007feefdb0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
32841cd0.1ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
32851cd0.1ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feefdb0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
32861cd0.1ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f40000 'C:\WINDOWS\system32\User32.dll'
32871cd0.1c4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32881cd0.1c4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
32891cd0.1c4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32901cd0.1c4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
32911cd0.1c4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
32921cd0.1c4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32931cd0.1c4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32941cd0.1c4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
32951cd0.1c4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
32961cd0.1c4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
32971cd0.1c4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32981cd0.1c4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32991cd0.1c4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d6fd8b1:<flags> [calling]
33001cd0.1c4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
33011cd0.1c4c: supR3HardenedDllNotificationCallback: load 000007feefb00000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
33021cd0.1c4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
33031cd0.1c4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feefb00000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
33041cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe
33051cd0.810: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000cd8 (hFile=0000000000000ce8) with 0xc0000022 -> STATUS_TRUST_FAILURE
33061cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33071cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
33081cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
33091cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
33101cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
33111cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
33121cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
33131cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
33141cd0.1890: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll) WinVerifyTrust
33151cd0.1890: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
33161cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
33171cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
33181cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
33191cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
33201cd0.1890: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
33211cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
33221cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
33231cd0.1890: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
33241cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
33251cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
33261cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33271cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
33281cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
33291cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
33301cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
33311cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
33321cd0.1890: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll) WinVerifyTrust
33331cd0.1890: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
33341cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
33351cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
33361cd0.1890: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
33371cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33381cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33391cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
33401cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
33411cd0.1890: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
33421cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33431cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33441cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
33451cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
33461cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
33471cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
33481cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33491cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33501cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33511cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33521cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
33531cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
33541cd0.1890: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
33551cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33561cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33571cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95da71:<flags> [calling]
33581cd0.1890: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
33591cd0.1890: supR3HardenedDllNotificationCallback: load 000007fed65b0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
33601cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
33611cd0.1890: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
33621cd0.1890: supR3HardenedDllNotificationCallback: load 000007fee7a90000 LB 0x0002f000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
33631cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
33641cd0.1890: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
33651cd0.1890: supR3HardenedDllNotificationCallback: load 000007fee7a60000 LB 0x00026000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
33661cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
33671cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed65b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL'
33681cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
33691cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95e8b1:<flags> [calling]
33701cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7a60000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll'
33711cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33721cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
33731cd0.1890: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll) WinVerifyTrust
33741cd0.1890: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
33751cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
33761cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
33771cd0.1890: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
33781cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33791cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33801cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95e851:<flags> [calling]
33811cd0.1890: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
33821cd0.1890: supR3HardenedDllNotificationCallback: load 000007feeed80000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
33831cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
33841cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeed80000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll'
33851cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
33861cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95c851:<flags> [calling]
33871cd0.1890: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
33881cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32/opengl32.dll'
33891cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
33901cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95e3a1:<flags> [calling]
33911cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
33921cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe340000 'C:\WINDOWS\system32\gdi32.dll'
33931cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe340000 'C:\WINDOWS\system32\gdi32.dll'
33941cd0.1890: \Device\HarddiskVolume2\Windows\System32\nvoglv64.dll: Owner is administrators group.
33951cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
33961cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
33971cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'.
33981cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
33991cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'setupapi.dll'.
34001cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wtsapi32.dll'.
34011cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'version.dll'.
34021cd0.1890: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nvoglv64.dll) WinVerifyTrust
34031cd0.1890: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nvoglv64.dll
34041cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
34051cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
34061cd0.1890: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
34071cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
34081cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
34091cd0.1890: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d34 pwszName=\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
34101cd0.1890: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
34111cd0.1890: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
34121cd0.1890: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E653B4F2F82EC27E9205DC90EBEB7A5AAB37A8B0
34131cd0.1890: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll'
34141cd0.1890: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34151cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34161cd0.1890: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll) WinVerifyTrust
34171cd0.1890: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
34181cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
34191cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
34201cd0.1890: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
34211cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
34221cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
34231cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
34241cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
34251cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
34261cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
34271cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34281cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34291cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34301cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34311cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\nvoglv64.dll (Input=nvoglv64, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95dbd1:<flags> [calling]
34321cd0.1890: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvoglv64.dll
34331cd0.1890: supR3HardenedDllNotificationCallback: load 0000000068bd0000 LB 0x01d44000 C:\WINDOWS\system32\nvoglv64.dll [fFlags=0x0]
34341cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvoglv64.dll
34351cd0.1890: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
34361cd0.1890: supR3HardenedDllNotificationCallback: load 000007fefbf00000 LB 0x00011000 C:\WINDOWS\system32\WTSAPI32.dll [fFlags=0x0]
34371cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
34381cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
34391cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95d051:<flags> [calling]
34401cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe340000 'C:\WINDOWS\system32\gdi32.dll'
34411cd0.1890: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'.
34421cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34431cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
34441cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wldap32.dll'.
34451cd0.1890: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ntmarta.dll)
34461cd0.1890: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntmarta.dll
34471cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
34481cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
34491cd0.1890: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
34501cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
34511cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
34521cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34531cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34541cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ntmarta.dll (Input=ntmarta.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95cf31:<flags> [calling]
34551cd0.1890: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
34561cd0.1890: supR3HardenedDllNotificationCallback: load 000007fefba80000 LB 0x0002d000 C:\WINDOWS\system32\ntmarta.dll [fFlags=0x0]
34571cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
34581cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefba80000 'C:\WINDOWS\system32\ntmarta.dll'
34591cd0.1890: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll'.
34601cd0.1890: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\ntmarta.dll' [rescheduled]
34611cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
34621cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95cfa1:<flags> [calling]
34631cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e20000 'C:\WINDOWS\system32\kernel32.dll'
34641cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
34651cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\KERNEL32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95cc91:<flags> [calling]
34661cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e20000 'C:\WINDOWS\system32\KERNEL32.DLL'
34671cd0.1890: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\psapi.dll'.
34681cd0.1890: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\psapi.dll)
34691cd0.1890: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
34701cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\PSAPI.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95cc91:<flags> [calling]
34711cd0.1890: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\psapi.dll [avoiding WinVerifyTrust]
34721cd0.1890: supR3HardenedDllNotificationCallback: load 00000000771e0000 LB 0x00007000 C:\WINDOWS\system32\PSAPI.DLL [fFlags=0x0]
34731cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\psapi.dll [avoiding WinVerifyTrust]
34741cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000771e0000 'C:\WINDOWS\system32\PSAPI.DLL'
34751cd0.1890: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\psapi.dll'.
34761cd0.1890: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rescheduled]
34771cd0.1890: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dbghelp.dll'.
34781cd0.1890: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34791cd0.1890: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dbghelp.dll)
34801cd0.1890: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dbghelp.dll
34811cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34821cd0.1890: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34831cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dbghelp.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95cc91:<flags> [calling]
34841cd0.1890: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dbghelp.dll [avoiding WinVerifyTrust]
34851cd0.1890: supR3HardenedDllNotificationCallback: load 000007fef08f0000 LB 0x00125000 C:\WINDOWS\system32\dbghelp.dll [fFlags=0x0]
34861cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dbghelp.dll [avoiding WinVerifyTrust]
34871cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef08f0000 'C:\WINDOWS\system32\dbghelp.dll'
34881cd0.1890: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\dbghelp.dll'.
34891cd0.1890: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\dbghelp.dll' [rescheduled]
34901cd0.1890: supR3HardenedDllNotificationCallback: Unload 00000000771e0000 LB 0x00007000 C:\WINDOWS\system32\PSAPI.DLL [flags=0x0]
34911cd0.1890: supR3HardenedDllNotificationCallback: Unload 000007fef08f0000 LB 0x00125000 C:\WINDOWS\system32\dbghelp.dll [flags=0x0]
34921cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000068bd0000 'C:\WINDOWS\system32\nvoglv64.dll'
34931cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe340000 'C:\WINDOWS\system32\gdi32.dll'
34941cd0.1b58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d84 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
34951cd0.1b58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
34961cd0.1b58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
34971cd0.1b58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
34981cd0.1b58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
34991cd0.1b58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35001cd0.1b58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35011cd0.1b58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
35021cd0.1b58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
35031cd0.1b58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
35041cd0.1b58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
35051cd0.1b58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
35061cd0.1b58: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
35071cd0.1b58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
35081cd0.1b58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
35091cd0.1b58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
35101cd0.1b58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35111cd0.1b58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35121cd0.1b58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\POWRPROF.DLL (Input=POWRPROF.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000ee8f801:<flags> [calling]
35131cd0.1b58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
35141cd0.1b58: supR3HardenedDllNotificationCallback: load 000007fefbad0000 LB 0x0002c000 C:\WINDOWS\system32\POWRPROF.DLL [fFlags=0x0]
35151cd0.1b58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
35161cd0.1b58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbad0000 'C:\WINDOWS\system32\POWRPROF.DLL'
35171cd0.1b58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f40000 'C:\WINDOWS\system32\USER32.dll'
35181cd0.1b58: supR3HardenedDllNotificationCallback: Unload 000007fefbad0000 LB 0x0002c000 C:\WINDOWS\system32\POWRPROF.DLL [flags=0x0]
35191cd0.1b58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f40000 'C:\WINDOWS\system32\USER32.dll'
35201cd0.1b58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000db4 pwszName=\Device\HarddiskVolume2\Windows\System32\winsta.dll
35211cd0.1b58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
35221cd0.1b58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
35231cd0.1b58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1784FF9CB91ACF5CDF00DE84F778DD4A67C759FA
35241cd0.1b58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_51_for_KB2984972~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\winsta.dll'
35251cd0.1b58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
35261cd0.1b58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
35271cd0.1b58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winsta.dll) WinVerifyTrust
35281cd0.1b58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winsta.dll
35291cd0.1b58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
35301cd0.1b58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
35311cd0.1b58: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WINSTA.dll (Input=WINSTA.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000ee8f6b1:<flags> [calling]
35321cd0.1b58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winsta.dll
35331cd0.1b58: supR3HardenedDllNotificationCallback: load 000007fefc020000 LB 0x0003d000 C:\WINDOWS\system32\WINSTA.dll [fFlags=0x0]
35341cd0.1b58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winsta.dll
35351cd0.1b58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc020000 'C:\WINDOWS\system32\WINSTA.dll'
35361cd0.1b58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0d0000 'C:\WINDOWS\system32\ADVAPI32.dll'
35371cd0.1b58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0a0000 'C:\WINDOWS\system32\RPCRT4.dll'
35381cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\opengl32.dll'
35391cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
35401cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95dec1:<flags> [calling]
35411cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa960000 'C:\WINDOWS\system32\dwmapi.dll'
35421cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
35431cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
35441cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
35451cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
35461cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
35471cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
35481cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
35491cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95e741:<flags> [calling]
35501cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
35511cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
35521cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
35531cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
35541cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
35551cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
35561cd0.f70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
35571cd0.f70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
35581cd0.f70: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
35591cd0.f70: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
35601cd0.f70: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
35611cd0.f70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
35621cd0.f70: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
35631cd0.f70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
35641cd0.f70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
35651cd0.f70: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
35661cd0.f70: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
35671cd0.f70: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000010d5d691:<flags> [calling]
35681cd0.f70: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
35691cd0.f70: supR3HardenedDllNotificationCallback: load 000007feefaf0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
35701cd0.f70: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
35711cd0.f70: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feefaf0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
35721cd0.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
35731cd0.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
35741cd0.2058: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
35751cd0.2058: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
35761cd0.2058: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
35771cd0.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
35781cd0.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
35791cd0.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
35801cd0.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
35811cd0.2058: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
35821cd0.2058: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
35831cd0.2058: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000001109d951:<flags> [calling]
35841cd0.2058: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
35851cd0.2058: supR3HardenedDllNotificationCallback: load 000007feefae0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
35861cd0.2058: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
35871cd0.2058: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feefae0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
35881cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd360000 'C:\WINDOWS\system32\Shell32.dll'
35891cd0.810: supR3HardenedIsApiSetDll: '<NULL>' -> true
35901cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000cc89061:<flags> [calling]
35911cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff300000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
35921cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
35931cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8b391:<flags> [calling]
35941cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecfb70000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
35951cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
35961cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
35971cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
35981cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
35991cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
36001cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
36011cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
36021cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
36031cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
36041cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
36051cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
36061cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
36071cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
36081cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
36091cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
36101cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
36111cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
36121cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8c541:<flags> [calling]
36131cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
36141cd0.810: supR3HardenedDllNotificationCallback: load 000007fee1b90000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
36151cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
36161cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1b90000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
36171cd0.810: supR3HardenedDllNotificationCallback: Unload 000007fee1b90000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
36181cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
36191cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
36201cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
36211cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
36221cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
36231cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
36241cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
36251cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
36261cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
36271cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
36281cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
36291cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
36301cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
36311cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
36321cd0.810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
36331cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
36341cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
36351cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
36361cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
36371cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
36381cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
36391cd0.810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
36401cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
36411cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
36421cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
36431cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
36441cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
36451cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
36461cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
36471cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
36481cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
36491cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
36501cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
36511cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
36521cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
36531cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
36541cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
36551cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
36561cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
36571cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
36581cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
36591cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
36601cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
36611cd0.810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
36621cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
36631cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
36641cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
36651cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
36661cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
36671cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
36681cd0.810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
36691cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
36701cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
36711cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
36721cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
36731cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
36741cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
36751cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
36761cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
36771cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
36781cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
36791cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d681:<flags> [calling]
36801cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
36811cd0.810: supR3HardenedDllNotificationCallback: load 000007fecf1a0000 LB 0x009c3000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
36821cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
36831cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
36841cd0.810: supR3HardenedDllNotificationCallback: load 000007feeec20000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
36851cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
36861cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
36871cd0.810: supR3HardenedDllNotificationCallback: load 000007fee1b80000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
36881cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
36891cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecf1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
36901cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
36911cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d681:<flags> [calling]
36921cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
36931cd0.810: supR3HardenedDllNotificationCallback: load 000007fed9660000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
36941cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
36951cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed9660000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
36961cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
36971cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d681:<flags> [calling]
36981cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecfe40000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
36991cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
37001cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d591:<flags> [calling]
37011cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1b80000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
37021cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
37031cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
37041cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
37051cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
37061cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
37071cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
37081cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
37091cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
37101cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d591:<flags> [calling]
37111cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
37121cd0.810: supR3HardenedDllNotificationCallback: load 000007fee1b60000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
37131cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
37141cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1b60000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
37151cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
37161cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
37171cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
37181cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
37191cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
37201cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
37211cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
37221cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
37231cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d591:<flags> [calling]
37241cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
37251cd0.810: supR3HardenedDllNotificationCallback: load 000007fedf4d0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
37261cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
37271cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf4d0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
37281cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
37291cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
37301cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
37311cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
37321cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
37331cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
37341cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
37351cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
37361cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d591:<flags> [calling]
37371cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
37381cd0.810: supR3HardenedDllNotificationCallback: load 000007fedf4b0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
37391cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
37401cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf4b0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
37411cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
37421cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
37431cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
37441cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
37451cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
37461cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
37471cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
37481cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
37491cd0.810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
37501cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d591:<flags> [calling]
37511cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
37521cd0.810: supR3HardenedDllNotificationCallback: load 000007fedcbe0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
37531cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
37541cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedcbe0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
37551cd0.1ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
37561cd0.1ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
37571cd0.1ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
37581cd0.1ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
37591cd0.1ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
37601cd0.1ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
37611cd0.1ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
37621cd0.1ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
37631cd0.1ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
37641cd0.1ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
37651cd0.1ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
37661cd0.1ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
37671cd0.1ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000010f7dd01:<flags> [calling]
37681cd0.1ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
37691cd0.1ba8: supR3HardenedDllNotificationCallback: load 000007fee70c0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
37701cd0.1ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
37711cd0.1ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee70c0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
37721cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
37731cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
37741cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
37751cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
37761cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
37771cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
37781cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
37791cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
37801cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
37811cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
37821cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
37831cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
37841cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
37851cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
37861cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
37871cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
37881cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
37891cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8ed01:<flags> [calling]
37901cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
37911cd0.810: supR3HardenedDllNotificationCallback: load 000007fed7a40000 LB 0x000cc000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
37921cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
37931cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed7a40000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
37941cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
37951cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d511:<flags> [calling]
37961cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef73f0000 'C:\WINDOWS\system32\Iphlpapi.dll'
37971cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000106c pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
37981cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
37991cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
38001cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FC0AE0624E37D3E65E0DF3478A34662E1498D862
38011cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_211_for_KB2775511~31bf3856ad364e35~amd64~~6.1.2.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
38021cd0.810: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
38031cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
38041cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
38051cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
38061cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
38071cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
38081cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
38091cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
38101cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
38111cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
38121cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
38131cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
38141cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8e661:<flags> [calling]
38151cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
38161cd0.810: supR3HardenedDllNotificationCallback: load 000007fef6b50000 LB 0x00011000 C:\WINDOWS\system32\dhcpcsvc6.DLL [fFlags=0x0]
38171cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
38181cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6b50000 'C:\WINDOWS\system32\dhcpcsvc6.DLL'
38191cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
38201cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8e381:<flags> [calling]
38211cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef73f0000 'C:\WINDOWS\system32\IPHLPAPI.DLL'
38221cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001090 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
38231cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
38241cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
38251cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
38261cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
38271cd0.810: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
38281cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
38291cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
38301cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
38311cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
38321cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
38331cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
38341cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
38351cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
38361cd0.810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
38371cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
38381cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
38391cd0.810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
38401cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
38411cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
38421cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
38431cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
38441cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8e6b1:<flags> [calling]
38451cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
38461cd0.810: supR3HardenedDllNotificationCallback: load 000007fef6bb0000 LB 0x00018000 C:\WINDOWS\system32\dhcpcsvc.DLL [fFlags=0x0]
38471cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
38481cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bb0000 'C:\WINDOWS\system32\dhcpcsvc.DLL'
38491cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
38501cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8e311:<flags> [calling]
38511cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef73f0000 'C:\WINDOWS\system32\IPHLPAPI.DLL'
38521cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000110c pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
38531cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
38541cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
38551cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
38561cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
38571cd0.810: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
38581cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
38591cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
38601cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
38611cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
38621cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
38631cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
38641cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
38651cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
38661cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001110 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
38671cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
38681cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
38691cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
38701cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
38711cd0.810: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
38721cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
38731cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
38741cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
38751cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
38761cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
38771cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
38781cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
38791cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
38801cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
38811cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
38821cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
38831cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
38841cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
38851cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
38861cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
38871cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
38881cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
38891cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
38901cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
38911cd0.810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
38921cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
38931cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
38941cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
38951cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
38961cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d461:<flags> [calling]
38971cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
38981cd0.810: supR3HardenedDllNotificationCallback: load 000007fefba30000 LB 0x0004b000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
38991cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
39001cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
39011cd0.810: supR3HardenedDllNotificationCallback: load 000007fefb900000 LB 0x0012c000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
39021cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
39031cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0d0000 'C:\WINDOWS\system32\ADVAPI32.dll'
39041cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefba30000 'C:\WINDOWS\System32\MMDevApi.dll'
39051cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'C:\WINDOWS\system32\ole32.dll'
39061cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
39071cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d791:<flags> [calling]
39081cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb70000 'C:\WINDOWS\system32\SETUPAPI.dll'
39091cd0.ca8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
39101cd0.ca8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000001d78f6c1:<flags> [calling]
39111cd0.ca8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd50000 'C:\WINDOWS\system32\CFGMGR32.dll'
39121cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001164 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
39131cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
39141cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
39151cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
39161cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
39171cd0.810: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
39181cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
39191cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
39201cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
39211cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
39221cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
39231cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
39241cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
39251cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
39261cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
39271cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
39281cd0.810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
39291cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
39301cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
39311cd0.810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
39321cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
39331cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
39341cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
39351cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
39361cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
39371cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
39381cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
39391cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
39401cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d581:<flags> [calling]
39411cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
39421cd0.810: supR3HardenedDllNotificationCallback: load 000007fed8260000 LB 0x00088000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
39431cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
39441cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
39451cd0.810: supR3HardenedDllNotificationCallback: load 000007fefbad0000 LB 0x0002c000 C:\WINDOWS\System32\POWRPROF.dll [fFlags=0x0]
39461cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
39471cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
39481cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8c801:<flags> [calling]
39491cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed8260000 'C:\WINDOWS\System32\dsound.dll'
39501cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed8260000 'C:\WINDOWS\System32\dsound.dll'
39511cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
39521cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d6b1:<flags> [calling]
39531cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed8260000 'C:\WINDOWS\system32\dsound.dll'
39541cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
39551cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8e2b1:<flags> [calling]
39561cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed50000 'C:\WINDOWS\system32\SHLWAPI.dll'
39571cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
39581cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8e4d1:<flags> [calling]
39591cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefba30000 'C:\WINDOWS\system32\MMDEVAPI.DLL'
39601cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'C:\WINDOWS\system32\ole32.dll'
39611cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
39621cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8e101:<flags> [calling]
39631cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
39641cd0.810: supR3HardenedIsApiSetDll: '<NULL>' -> true
39651cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000cc8df61:<flags> [calling]
39661cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff300000 'API-MS-WIN-Service-Management-L1-1-0.dll'
39671cd0.810: supR3HardenedIsApiSetDll: '<NULL>' -> true
39681cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000cc8df61:<flags> [calling]
39691cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff300000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
39701cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0a0000 'C:\WINDOWS\system32\RPCRT4.dll'
39711cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
39721cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8dfc1:<flags> [calling]
39731cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefba30000 'C:\WINDOWS\system32\MMDevAPI.DLL'
39741cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011a0 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
39751cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
39761cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
39771cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
39781cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
39791cd0.810: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
39801cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
39811cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
39821cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
39831cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
39841cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
39851cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
39861cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
39871cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
39881cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
39891cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
39901cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
39911cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
39921cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011a4 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
39931cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
39941cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
39951cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
39961cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
39971cd0.810: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
39981cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
39991cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
40001cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
40011cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
40021cd0.810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
40031cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
40041cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
40051cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011b8 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
40061cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
40071cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
40081cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
40091cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
40101cd0.810: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
40111cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
40121cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
40131cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
40141cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
40151cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
40161cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
40171cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
40181cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
40191cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
40201cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
40211cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
40221cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
40231cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
40241cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
40251cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
40261cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8db31:<flags> [calling]
40271cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
40281cd0.810: supR3HardenedDllNotificationCallback: load 000007feea9f0000 LB 0x0003b000 C:\WINDOWS\system32\wdmaud.drv [fFlags=0x0]
40291cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
40301cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
40311cd0.810: supR3HardenedDllNotificationCallback: load 000000006ef40000 LB 0x00006000 C:\WINDOWS\system32\ksuser.dll [fFlags=0x0]
40321cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
40331cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
40341cd0.810: supR3HardenedDllNotificationCallback: load 000007fefbe20000 LB 0x00009000 C:\WINDOWS\system32\AVRT.dll [fFlags=0x0]
40351cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
40361cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea9f0000 'C:\WINDOWS\system32\wdmaud.drv'
40371cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
40381cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8db31:<flags> [calling]
40391cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea9f0000 'C:\WINDOWS\system32\wdmaud.drv'
40401cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
40411cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8dce1:<flags> [calling]
40421cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea9f0000 'C:\WINDOWS\system32\wdmaud.drv'
40431cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
40441cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8dce1:<flags> [calling]
40451cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea9f0000 'C:\WINDOWS\system32\wdmaud.drv'
40461cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
40471cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8dce1:<flags> [calling]
40481cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea9f0000 'C:\WINDOWS\system32\wdmaud.drv'
40491cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011cc pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
40501cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
40511cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
40521cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A3BDEC1E955295C342E14C90909598248B24E5B
40531cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_165_for_KB4074598~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
40541cd0.810: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
40551cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
40561cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
40571cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
40581cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
40591cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
40601cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
40611cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
40621cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
40631cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
40641cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
40651cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
40661cd0.810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
40671cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
40681cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
40691cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
40701cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
40711cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
40721cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
40731cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
40741cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
40751cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
40761cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
40771cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
40781cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
40791cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8dcf1:<flags> [calling]
40801cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
40811cd0.810: supR3HardenedDllNotificationCallback: load 000007feea9a0000 LB 0x0004f000 C:\WINDOWS\system32\AUDIOSES.DLL [fFlags=0x0]
40821cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
40831cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea9a0000 'C:\WINDOWS\system32\AUDIOSES.DLL'
40841cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
40851cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8dce1:<flags> [calling]
40861cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea9f0000 'C:\WINDOWS\system32\wdmaud.drv'
40871cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
40881cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8dce1:<flags> [calling]
40891cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea9f0000 'C:\WINDOWS\system32\wdmaud.drv'
40901cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea9f0000 'C:\WINDOWS\system32\wdmaud.drv'
40911cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea9f0000 'C:\WINDOWS\system32\wdmaud.drv'
40921cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea9f0000 'C:\WINDOWS\system32\wdmaud.drv'
40931cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea9f0000 'C:\WINDOWS\system32\wdmaud.drv'
40941cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
40951cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
40961cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
40971cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
40981cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
40991cd0.810: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
41001cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
41011cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
41021cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
41031cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
41041cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
41051cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
41061cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
41071cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
41081cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
41091cd0.810: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
41101cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
41111cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
41121cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011c4 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
41131cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
41141cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
41151cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
41161cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
41171cd0.810: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
41181cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
41191cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
41201cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
41211cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
41221cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
41231cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
41241cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
41251cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
41261cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
41271cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
41281cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
41291cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
41301cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
41311cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
41321cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
41331cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
41341cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
41351cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
41361cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
41371cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
41381cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
41391cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
41401cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
41411cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8dae1:<flags> [calling]
41421cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
41431cd0.810: supR3HardenedDllNotificationCallback: load 000007fee71b0000 LB 0x0000a000 C:\WINDOWS\system32\msacm32.drv [fFlags=0x0]
41441cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
41451cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
41461cd0.810: supR3HardenedDllNotificationCallback: load 000007fee7190000 LB 0x00018000 C:\WINDOWS\system32\MSACM32.dll [fFlags=0x0]
41471cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
41481cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee71b0000 'C:\WINDOWS\system32\msacm32.drv'
41491cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
41501cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d4e1:<flags> [calling]
41511cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee71b0000 'C:\WINDOWS\system32\msacm32.drv'
41521cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
41531cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d4e1:<flags> [calling]
41541cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee71b0000 'C:\WINDOWS\system32\msacm32.drv'
41551cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
41561cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d4e1:<flags> [calling]
41571cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee71b0000 'C:\WINDOWS\system32\msacm32.drv'
41581cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
41591cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d4e1:<flags> [calling]
41601cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee71b0000 'C:\WINDOWS\system32\msacm32.drv'
41611cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
41621cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d4e1:<flags> [calling]
41631cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee71b0000 'C:\WINDOWS\system32\msacm32.drv'
41641cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
41651cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d4e1:<flags> [calling]
41661cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee71b0000 'C:\WINDOWS\system32\msacm32.drv'
41671cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee71b0000 'C:\WINDOWS\system32\msacm32.drv'
41681cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee71b0000 'C:\WINDOWS\system32\msacm32.drv'
41691cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee71b0000 'C:\WINDOWS\system32\msacm32.drv'
41701cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011e8 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
41711cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000063f000
41721cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000063f000
41731cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
41741cd0.810: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
41751cd0.810: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
41761cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
41771cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
41781cd0.810: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
41791cd0.810: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
41801cd0.810: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
41811cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
41821cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
41831cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
41841cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
41851cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
41861cd0.810: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
41871cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8dae1:<flags> [calling]
41881cd0.810: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
41891cd0.810: supR3HardenedDllNotificationCallback: load 000007fee70d0000 LB 0x00009000 C:\WINDOWS\system32\midimap.dll [fFlags=0x0]
41901cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
41911cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee70d0000 'C:\WINDOWS\system32\midimap.dll'
41921cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
41931cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d4b1:<flags> [calling]
41941cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee70d0000 'C:\WINDOWS\system32\midimap.dll'
41951cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
41961cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d4b1:<flags> [calling]
41971cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee70d0000 'C:\WINDOWS\system32\midimap.dll'
41981cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
41991cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8dae1:<flags> [calling]
42001cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee70d0000 'C:\WINDOWS\system32\midimap.dll'
42011cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
42021cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
42031cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
42041cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'C:\WINDOWS\system32\ole32.dll'
42051cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
42061cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8e101:<flags> [calling]
42071cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
42081cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
42091cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
42101cd0.810: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
42111cd0.810: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cc8d681:<flags> [calling]
42121cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed8260000 'C:\WINDOWS\system32\dsound.dll'
42131cd0.810: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
42141cd0.14f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea90000 'C:\WINDOWS\system32\OLEAUT32.dll'
42151cd0.2188: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
42161cd0.2188: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d15c631:<flags> [calling]
42171cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed8260000 'C:\WINDOWS\system32\dsound.dll'
42181cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
42191cd0.2188: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
42201cd0.2188: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d15c631:<flags> [calling]
42211cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed8260000 'C:\WINDOWS\system32\dsound.dll'
42221cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
42231cd0.2188: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
42241cd0.2188: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d15c631:<flags> [calling]
42251cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed8260000 'C:\WINDOWS\system32\dsound.dll'
42261cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
4227...
42281cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
42291cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
42301cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
42311cd0.2120: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
42321cd0.2120: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000003d68dcd1:<flags> [calling]
42331cd0.2120: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea9a0000 'C:\WINDOWS\System32\audioses.dll'
42341cd0.2188: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
42351cd0.2188: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d15c611:<flags> [calling]
42361cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed8260000 'C:\WINDOWS\system32\dsound.dll'
42371cd0.2188: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
42381cd0.2188: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d15d9c1:<flags> [calling]
42391cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
42401cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed8260000 'C:\WINDOWS\system32\dsound.dll'
4241...
42421cd0.2188: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
42431cd0.2188: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d15c611:<flags> [calling]
42441cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed8260000 'C:\WINDOWS\system32\dsound.dll'
42451cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
42461cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed8260000 'C:\WINDOWS\system32\dsound.dll'
42471cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
42481cd0.2360: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
42491cd0.2360: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000003dcff861:<flags> [calling]
42501cd0.2360: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe20000 'C:\WINDOWS\system32\avrt.dll'
42511cd0.2358: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
42521cd0.2358: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000029ba61:<flags> [calling]
42531cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd250000 'C:\WINDOWS\system32\MSCTF.dll'
42541cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe0f0000 'C:\WINDOWS\system32\ole32.dll'
42551cd0.2358: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea90000 'C:\WINDOWS\system32\OLEAUT32.DLL'
42561cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed8260000 'C:\WINDOWS\system32\dsound.dll'
42571cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
42581cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed8260000 'C:\WINDOWS\system32\dsound.dll'
42591cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
42601cd0.1e6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PrxerDrv.dll
42611cd0.1e6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\PrxerDrv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000162beeb1:<flags> [calling]
42621cd0.1e6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe30000 'C:\WINDOWS\system32\PrxerDrv.dll'
42631cd0.1e6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
42641cd0.1e6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000162be811:<flags> [calling]
42651cd0.1e6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc420000 'C:\WINDOWS\system32\mswsock.dll'
42661cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
42671cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
42681cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
42691cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
42701cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
42711cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
42721cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
42731cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
42741cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
42751cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
42761cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
42771cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95f2d1:<flags> [calling]
42781cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
4279...
42801cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
42811cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
42821cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95f151:<flags> [calling]
42831cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
4284...
42851cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
42861cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
42871cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95f161:<flags> [calling]
42881cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
4289...
42901cd0.20a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
42911cd0.20a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
42921cd0.20a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000eb0f081:<flags> [calling]
42931cd0.20a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
42941cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
4295...
42961cd0.20a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
42971cd0.20a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
42981cd0.20a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000eb0f081:<flags> [calling]
42991cd0.20a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
4300...
43011cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
43021cd0.1e6c: \Device\HarddiskVolume2\Windows\System32\PrxerNsp.dll: Owner is administrators group.
43031cd0.1e6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
43041cd0.1e6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000162bc8f1:<flags> [calling]
43051cd0.1e6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf60000 'C:\WINDOWS\system32\WINTRUST.DLL'
43061cd0.1e6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
43071cd0.1e6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000162bc721:<flags> [calling]
43081cd0.1e6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcda0000 'C:\WINDOWS\system32\CRYPT32.dll'
43091cd0.1e6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2d20000 'C:\WINDOWS\system32\cryptnet.dll'
43101cd0.1e6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
43111cd0.1e6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
43121cd0.1e6c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
43131cd0.1e6c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\PrxerNsp.dll) WinVerifyTrust
43141cd0.1e6c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\PrxerNsp.dll
43151cd0.1e6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
43161cd0.1e6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
43171cd0.1e6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
43181cd0.1e6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
43191cd0.1e6c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
43201cd0.1e6c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
43211cd0.1e6c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\PrxerNsp.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000162be831:<flags> [calling]
43221cd0.1e6c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PrxerNsp.dll
43231cd0.1e6c: supR3HardenedDllNotificationCallback: load 000007fef4590000 LB 0x0001c000 C:\WINDOWS\System32\PrxerNsp.dll [fFlags=0x0]
43241cd0.1e6c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\PrxerNsp.dll
43251cd0.1e6c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4590000 'C:\WINDOWS\System32\PrxerNsp.dll'
4326...
43271cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
43281cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
43291cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95f2c1:<flags> [calling]
43301cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
4331...
43321cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
43331cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
43341cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95f3e1:<flags> [calling]
4335...
43361cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
43371cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
43381cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95f1e1:<flags> [calling]
43391cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
4340...
43411cd0.20a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
43421cd0.1d28: supR3HardenedDllNotificationCallback: Unload 000007fef6560000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [flags=0x0]
43431cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
4344...
43451cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
43461cd0.20a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
43471cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
43481cd0.20a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000eb0efa1:<flags> [calling]
43491cd0.20a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
4350...
43511cd0.20a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
43521cd0.20a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000eb0f081:<flags> [calling]
43531cd0.20a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
4354...
43551cd0.20a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
43561cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed8260000 'C:\WINDOWS\system32\dsound.dll'
43571cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
43581cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
43591cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
43601cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
43611cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
43621cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
43631cd0.2188: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7e20000 'C:\WINDOWS\system32\winmm.dll'
43641cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
4365...
43661cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
43671cd0.20a4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
43681cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
43691cd0.20a4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000eb0f121:<flags> [calling]
43701cd0.20a4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
4371...
43721cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
43731cd0.1890: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
43741cd0.1890: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d95f1e1:<flags> [calling]
43751cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
4376...
43771cd0.1890: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeadf0000 'C:\WINDOWS\system32\OPENGL32.dll'
4378237c.1394: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 11343311 ms, the end);
43791b10.758: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 11343973 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy